IBMEC3C1677B095C2D41B84F8A8E2A6BA680816BD59E4C8D283D474291C009898ABSecurity Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)
EPSS
Percentile
92.5%
Summary
Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
Vulnerability Details
CVEID: CVE-2015-0250 **
DESCRIPTION:** Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101614 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Product Name
| Versions Affected
โ|โ
Rational Developer for Power Systems Software| 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.3, 8.0.3.1, 8.5, 8.5.1
Rational Developer for i| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1
Rational Developer for AIX and Linux, AIX COBOL Edition| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1
Rational Developer for AIX and Linux, C/C++ Edition| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1
Remediation/Fixes
Update the tools relying on batik in the product to address this vulnerability:
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| Apply the fix from the corresponding version of Rational Application Developer to your affected product version. | 8.0.x, 8.5.x, 9.0.x, and 9.1.x | Apply the fix for Apache Batik update for CVE-2015-0250 |
Related
EPSS
Percentile
92.5%