Apache Batik could in theory allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVEID:CVE-2015-0250_ _
DESCRIPTION:
Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101614>
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
ITNCM: 6.3.0.6 and earlier
ITNCM: 6.4.1.2 and earlier
Product
| Version | Link | Remediation/First Fix
โ|โ|โ|โ
ITNCM | 6.4.x | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=All&platform=All&function=fixId&fixids=6.4.1-TIV-ITNCM-LINUX-FP003&includeRequisites=1&includeSupersedes=0&downloadMethod=http
Search for 6.4.1-TIV-ITNCM-LINUX-FP003 on Fix Central.
| Apply 6.4.1.3 which has been supplied with an upgraded version of Apache Batik.
ITNCM | 6.3.x | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=6.3.0.6&platform=All&function=all
Search 6.3.0-TIV-ITNCM-FP003 on Fix Central.
| Apply 6.3.0.6 interim fix ITNCM_6.3.0.6-IF003 which has been supplied with an upgraded version of Apache Batik.
None