213 matches found
SUSE CVE-2022-44730
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...
Apache Batik: Multiple Vulnerabilities
Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...
Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)
Summary IBM Business Automation Workflow provides a feature for generating "solution description documents" building upon an open source framework DITA. Vulnerabilities have been reported for open-source libraries repackaged by DITA. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google...
The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to perform an SSRF attack.
The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to execute an SSRF attack...
The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Apache Batik SVG-image processing library lies in insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information or cause service failures...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...
Debian dla-3619 : libbatik-java - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...
Advisory ROSA-SA-2023-2239
software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to...
Security Bulletin: There is a vulnerability in Apache Batik used by IBM Jazz Reporting Service
Summary There is a vulnerability in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side...
Security Bulletin: The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)
Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik CVE-2022-44730, CVE-2022-44729. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery,...
Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products
Summary Apache Batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...
Security Bulletin: Multiple vulnerabilities in apache batik affect IBM Application Performance Management products.
Summary Apache batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an...
Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary Multiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)
Summary Multiple vulnerabilities have been identified in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
CVE-2022-44729
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...