7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.9%
A vulnerability in the Apache Batik XML SVG graphics rendering, generation, and management library is related to the fact that,
the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow
an attacker acting remotely to use JavaScript to execute a Java class on a system and
obtain the results of its execution
A vulnerability in the Apache Batik XML SVG graphics rendering, generation and management library is associated with an
insecure handling of .jar file references within .svg images. Exploitation of the vulnerability could
allow an attacker acting remotely to upload a malicious .svg image containing links to .jar files and execute the malicious .jar image.
to .jar files and execute arbitrary Java code on the system
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.9%