Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4CC8B98F4ED9C725505EC4B5E1489B4CB39C09C7F45C9B5BFCFB09D329EEEC7A
HistoryAug 30, 2022 - 4:36 p.m.

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-20215-0250

2022-08-3016:36:11
www.ibm.com
21

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.059 Low

EPSS

Percentile

93.3%

JSON

Summary

IBM TRIRIGA Application Platform discloses CVE-2015-0250

Vulnerability Details

CVEID:CVE-2015-0250
**DESCRIPTION:**Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/101614 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2017-5662
**DESCRIPTION:**Apache Batik could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By using a specially-crafted SVG file, a remote attacker could exploit this vulnerability to obtain sensitive information or possibly cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/125198 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2018-8013
**DESCRIPTION:**Apache Batik could allow a remote attacker to obtain sensitive information, caused by an error when deserializing subclass of AbstractDocument. An attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/143678 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM TRIRIGA Application Platform 3.6.
IBM TRIRIGA Application Platform 3.7
IBM TRIRIGA Application Platform 3.8
IBM TRIRIGA Application Platform 4.0
IBM TRIRIGA Application Platform 4.1

Remediation/Fixes

Product|VRMF|

Remediation/First Fix

—|—|—
IBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on FixCentral

Workarounds and Mitigations

None

Related

ibm 26
debian 7
openvas 15
nessus 26
osv 8
fedora 8
cve 3
veracode 3
ubuntu 3
github 3
redhatcve 1
mageia 1
ubuntucve 3
prion 3
debiancve 3
redhat 7
archlinux 1
securityvulns 2
gitlab 1
gentoo 1
oracle 10
ibm
ibm
Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)
2023-09-05 08:40:21
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar (Publicly disclosed vulnerability found by WhiteSource)
2023-07-13 10:54:14
Security Bulletin: Multiple vulnerabilities in Apache Batik affect Tivoli Netcool/OMNIbus WebGUI (CVE-2017-5662, CVE-2018-8013, CVE-2015-0250, CVE-2019-17566)
2020-12-15 13:01:33
debian
debian
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
[SECURITY] [DSA 4215-1] batik security update
2018-06-02 08:13:08
[SECURITY] [DLA 1385-1] batik security update
2018-05-25 19:29:50
openvas
openvas
Debian Security Advisory DSA 4215-1 (batik - security update)
2018-06-02 00:00:00
Fedora Update for batik FEDORA-2018-79792e0c64
2018-06-10 00:00:00
Ubuntu Update for batik USN-3661-1
2018-10-26 00:00:00
nessus
nessus
Debian DSA-4215-1 : batik - security update
2018-06-05 00:00:00
Fedora 25 : batik (2017-43b46cd2da)
2017-05-10 00:00:00
Ubuntu 14.04 LTS : Apache Batik vulnerability (USN-3280-1)
2017-05-10 00:00:00
osv
osv
batik - security update
2018-06-02 00:00:00
CVE-2017-5662
2017-04-18 14:59:00
CVE-2018-8013
2018-05-24 16:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: batik-1.8-9.fc25
2017-05-10 04:02:57
[SECURITY] Fedora 26 Update: batik-1.9-3.fc26
2017-05-09 21:29:07
[SECURITY] Fedora 27 Update: batik-1.10-1.fc27
2018-06-09 19:47:37
cve
cve
CVE-2017-5662
2017-04-18 14:59:00
CVE-2015-0250
2015-03-24 17:59:00
CVE-2018-8013
2018-05-24 16:29:00
veracode
veracode
Information Disclosure
2018-05-24 02:45:41
Information Disclosure Through An External XML Entity (XXE) Vulnerability
2017-04-19 01:00:17
XML External Entity (XXE) Injection
2017-04-13 02:00:52
ubuntu
ubuntu
Apache Batik vulnerability
2017-05-09 00:00:00
Batik vulnerability
2018-05-29 00:00:00
Batik vulnerability
2015-03-25 00:00:00
github
github
Improper Restriction of XML External Entity Reference in Apache Batik
2022-05-13 01:14:24
Improper Input Validation in Apache Batik
2022-05-17 00:28:34
Deserialization of Untrusted Data in Apache Batik
2022-05-13 01:14:24
redhatcve
redhatcve
CVE-2018-8013
2018-05-23 14:20:02
mageia
mageia
Updated batik packages fix security vulnerabilities
2015-04-10 01:44:14
ubuntucve
ubuntucve
CVE-2015-0250
2015-03-18 00:00:00
CVE-2017-5662
2017-04-18 00:00:00
CVE-2018-8013
2018-05-23 00:00:00
prion
prion
Code injection
2017-04-18 14:59:00
Xxe
2015-03-24 17:59:00
Deserialization of untrusted data
2018-05-24 16:29:00
debiancve
debiancve
CVE-2017-5662
2017-04-18 14:59:00
CVE-2015-0250
2015-03-24 17:59:00
CVE-2018-8013
2018-05-24 16:29:00
redhat
redhat
(RHSA-2016:0042) Moderate: Red Hat JBoss BPM Suite 6.1.5 update
2016-01-14 18:31:13
(RHSA-2016:0041) Moderate: Red Hat JBoss BRMS 6.1.5 update
2016-01-14 18:31:11
(RHSA-2017:2546) Important: Red Hat JBoss BPM Suite 6.4.5 security update
2017-08-29 19:31:56
archlinux
archlinux
java-batik: xml external entity injection
2015-04-04 00:00:00
securityvulns
securityvulns
Apache libbatik XXE
2015-05-11 00:00:00
[USN-2548-1] Batik vulnerability
2015-05-11 00:00:00
gitlab
gitlab
Improper Restriction of XML External Entity Reference
2015-03-24 00:00:00
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.059 Low

EPSS

Percentile

93.3%

JSON
Related for 4CC8B98F4ED9C725505EC4B5E1489B4CB39C09C7F45C9B5BFCFB09D329EEEC7A
ibm26debian7openvas15nessus26osv8fedora8cve3veracode3ubuntu3github3redhatcve1mageia1ubuntucve3prion3debiancve3redhat7archlinux1securityvulns2gitlab1gentoo1oracle10