Important: batik

🗓️ 07 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 71 Views

Apache Batik 1.13 and 1.14 SSRF vulnerabilities, Untrusted Java and JavaScript Code Execution, Update to 1.1

Reporter	Title	Published	Views	Family All 254
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)	20 Oct 202514:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit	30 Jun 202309:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM	4 Jan 202315:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)	2 May 202307:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	23 Jul 202113:09	–	ibm
IBM Security Bulletins	Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)	5 Apr 202315:03	–	ibm
IBM Security Bulletins	Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-11987	30 Aug 202216:22	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixe for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)	13 Jul 202310:57	–	ibm
IBM Security Bulletins	Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)	4 Oct 202310:44	–	ibm
IBM Security Bulletins	Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)	4 Apr 202321:55	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	i686	batik	1.7-10.10.amzn1	batik-1.7-10.10.amzn1.i686.rpm
Amazon Linux	1	x86_64	batik	1.7-10.10.amzn1	batik-1.7-10.10.amzn1.x86_64.rpm
Amazon Linux	1	i686	batik-demo	1.7-10.10.amzn1	batik-demo-1.7-10.10.amzn1.i686.rpm
Amazon Linux	1	x86_64	batik-demo	1.7-10.10.amzn1	batik-demo-1.7-10.10.amzn1.x86_64.rpm
Amazon Linux	1	any	batik-javadoc	1.7-10.10.amzn1	batik-javadoc-1.7-10.10.amzn1.noarch.rpm
Amazon Linux	1	i686	batik-rasterizer	1.7-10.10.amzn1	batik-rasterizer-1.7-10.10.amzn1.i686.rpm
Amazon Linux	1	x86_64	batik-rasterizer	1.7-10.10.amzn1	batik-rasterizer-1.7-10.10.amzn1.x86_64.rpm
Amazon Linux	1	i686	batik-slideshow	1.7-10.10.amzn1	batik-slideshow-1.7-10.10.amzn1.i686.rpm
Amazon Linux	1	x86_64	batik-slideshow	1.7-10.10.amzn1	batik-slideshow-1.7-10.10.amzn1.x86_64.rpm
Amazon Linux	1	i686	batik-squiggle	1.7-10.10.amzn1	batik-squiggle-1.7-10.10.amzn1.i686.rpm

07 Mar 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 26.4

CVSS 3.17.5 - 8.2

EPSS0.47784

batik ssrf vulnerability untrusted java code javascript update