Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2239
HistoryOct 10, 2023 - 8:57 a.m.

Advisory ROSA-SA-2023-2239

2023-10-1008:57:57
ROSA LAB
abf.rosalinux.ru
22

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

software: batik 1.11
WASP: ROSA-CHROME

package_evr_string: batik-1.11-3.src.rpm

CVE-ID: CVE-2019-17566
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using โ€œxlink:hrefโ€ attributes. Using a specially crafted argument, an attacker could exploit this vulnerability to force the underlying server to execute arbitrary GET requests.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update batik

CVE-ID: CVE-2022-41704
BDU-ID: 2022-06660
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Batik SVG image manipulation library is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary Java code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update batik

CVE-ID: CVE-2022-42890
BDU-ID: 2022-06659
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Batik SVG image manipulation library is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary Java code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update batik

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchbatik<ย 1.11UNKNOWN

Related

nessus 19
atlassian 5
osv 9
openvas 21
redos 1
debian 2
ubuntu 1
veracode 3
prion 3
debiancve 3
github 3
mageia 2
ubuntucve 3
cve 3
redhatcve 3
ibm 38
suse 2
amazon 2
gentoo 1
fedora 15
redhat 5
oracle 11
nessus
nessus
Debian DSA-5264-1 : batik - security update
2022-10-30 00:00:00
Debian DLA-3169-1 : batik - LTS security update
2022-10-31 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
2023-05-30 00:00:00
atlassian
atlassian
Jira is affected by CVE-2022-42890 &
2023-03-09 00:04:38
SSRF org.apache.xmlgraphics in Confluence Data Center and Server
2023-11-03 00:46:22
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
2024-02-14 10:47:27
osv
osv
batik - security update
2022-10-29 00:00:00
batik - security update
2022-10-29 00:00:00
batik vulnerabilities
2023-05-30 14:31:05
openvas
openvas
Debian: Security Advisory (DLA-3169-1)
2022-10-30 00:00:00
Debian: Security Advisory (DSA-5264-1)
2022-10-31 00:00:00
Ubuntu: Security Advisory (USN-6117-1)
2023-05-31 00:00:00
redos
redos
ROS-20221103-03
2022-11-03 00:00:00
debian
debian
[SECURITY] [DSA 5264-1] batik security update
2022-10-29 21:58:51
[SECURITY] [DLA 3169-1] batik security update
2022-10-29 15:13:48
ubuntu
ubuntu
Apache Batik vulnerabilities
2023-05-30 00:00:00
veracode
veracode
Information Disclosure
2022-10-26 10:11:51
Server-side Request Forgery (SSRF)
2020-06-16 09:19:33
Information Disclosure
2022-10-26 08:41:08
prion
prion
Code injection
2022-10-25 17:15:00
Code injection
2022-10-25 17:15:00
Server side request forgery (ssrf)
2020-11-12 18:15:00
debiancve
debiancve
CVE-2022-41704
2022-10-25 17:15:00
CVE-2019-17566
2020-11-12 18:15:00
CVE-2022-42890
2022-10-25 17:15:00
github
github
Untrusted code execution in Apache XML Graphics Batik
2022-10-25 19:00:29
Apache XML Graphics Batik vulnerable to code execution via SVG.
2022-10-25 19:00:29
Server-side request forgery (SSRF) in Apache Batik
2022-02-09 00:46:46
mageia
mageia
Updated batik packages fix security vulnerabilities
2024-03-16 19:28:17
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
ubuntucve
ubuntucve
CVE-2022-42890
2022-10-25 00:00:00
CVE-2022-41704
2022-10-25 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
cve
cve
CVE-2022-41704
2022-10-25 17:15:00
CVE-2019-17566
2020-11-12 18:15:00
CVE-2022-42890
2022-10-25 17:15:00
redhatcve
redhatcve
CVE-2022-41704
2023-03-27 19:43:11
CVE-2019-17566
2020-06-18 15:55:19
CVE-2022-42890
2023-03-27 19:43:04
ibm
ibm
Security Bulletin: A vulnerability has been identified in Apache Batik, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2019-17566)
2020-11-27 09:04:51
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics
2020-11-23 14:50:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-17566)
2020-08-27 07:16:21
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
amazon
amazon
Important: batik
2023-03-02 20:21:00
Important: batik
2023-03-02 21:49:00
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32
2020-08-31 15:50:28
[SECURITY] Fedora 32 Update: eclipse-mpc-1.8.3-2.fc32
2020-08-31 15:50:29
[SECURITY] Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32
2020-08-31 15:50:29
redhat
redhat
(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update
2020-11-05 18:43:06
(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update
2020-11-05 18:44:42
(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update
2023-06-29 20:05:32
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for ROSA-SA-2023-2239
nessus19atlassian5osv9openvas21redos1debian2ubuntu1veracode3prion3debiancve3github3mageia2ubuntucve3cve3redhatcve3ibm38suse2amazon2gentoo1fedora15redhat5oracle11