Lucene search
K

213 matches found

SUSE CVE
SUSE CVE
added 2024/03/03 4:45 a.m.3 views

SUSE CVE-2022-44730

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

4.4CVSS8.5AI score0.00749EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.53 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8CVSS7.2AI score0.19523EPSS
Exploits1References14
Gentoo Linux
Gentoo Linux
added 2024/01/07 12:0 a.m.42 views

Apache Batik: Multiple Vulnerabilities

Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...

9.8CVSS7.7AI score0.19523EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 9:49 a.m.28 views

Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)

Summary IBM Business Automation Workflow provides a feature for generating "solution description documents" building upon an open source framework DITA. Vulnerabilities have been reported for open-source libraries repackaged by DITA. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google...

7.1CVSS6.2AI score0.00786EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.4 views

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to perform an SSRF attack.

The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to execute an SSRF attack...

4.4CVSS6.6AI score0.00749EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.5 views

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Apache Batik SVG-image processing library lies in insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information or cause service failures...

7.1CVSS6.6AI score0.00786EPSS
Exploits0References7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 6:47 p.m.70 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

7.8CVSS8.4AI score0.05794EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/14 12:0 a.m.31 views

Debian dla-3619 : libbatik-java - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...

8.2CVSS6.8AI score0.13635EPSS
Exploits1References14
Rosalinux
Rosalinux
added 2023/10/10 8:57 a.m.44 views

Advisory ROSA-SA-2023-2239

software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...

7.5CVSS7.4AI score0.1074EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.4 views

batik: Server-Side Request Forgery vulnerability

A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...

4.4CVSS7.1AI score0.00749EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.4 views

batik: Server-Side Request Forgery vulnerability

A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...

7.1CVSS7.1AI score0.00786EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:44 a.m.34 views

Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Summary There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to...

7.5CVSS6.4AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:43 a.m.13 views

Security Bulletin: There is a vulnerability in Apache Batik used by IBM Jazz Reporting Service

Summary There is a vulnerability in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side...

7.5CVSS7.5AI score0.1074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/02 4:54 p.m.30 views

Security Bulletin: The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)

Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik CVE-2022-44730, CVE-2022-44729. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery,...

7.1CVSS5.4AI score0.00786EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/13 7:59 a.m.39 views

Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products

Summary Apache Batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...

7.5CVSS6AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/13 7:56 a.m.29 views

Security Bulletin: Multiple vulnerabilities in apache batik affect IBM Application Performance Management products.

Summary Apache batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an...

7.5CVSS7.5AI score0.1074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:23 p.m.42 views

Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Summary Multiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS6.7AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 8:40 a.m.39 views

Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)

Summary Multiple vulnerabilities have been identified in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

9.8CVSS9.3AI score0.19523EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2023/08/24 5:15 p.m.50 views

CVE-2022-44729

A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...

6.5CVSS6.6AI score0.00786EPSS
Exploits0References5
Rows per page
Query Builder