214 matches found

Gentoo Linux
added 2024/01/22 12:00 a.m. | 41 views

Apache XML-RPC: Multiple Vulnerabilities

Background: Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Description: Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers reference...

CVSS 9.8 | AI score 7.7 | EPSS 0.70524
Exploits: 3

Tenable Nessus
added 2024/01/16 12:00 a.m. | 36 views

Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)

The version of Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory. - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This...

CVSS 7.1 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/09 12:00 a.m. | 52 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 (Apache Batik: Multiple Vulnerabilities) - In Apache Batik 1.x before 1.10, when deserializing a subclass of AbstractDocument, the class takes a string from the inputStream as the class name, which it then uses to call the...

CVSS 9.8 | AI score 7.2 | EPSS 0.47784
Exploits: 1 | References: 14

Atlassian
added 2023/12/13 7:45 a.m. | 41 views

SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...

CVSS 7.1 | AI score 6.9 | EPSS 0.00119
Exploits: 0

Tenable Nessus
added 2023/11/23 12:00 a.m. | 26 views

Atlassian Confluence 7.13 / 7.19.x < 7.19.16 (CONFSERVER-93175)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93175 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache X...

CVSS 7.5 | AI score 7.6 | EPSS 0.00541
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/22 12:00 a.m. | 31 views

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93178 advisory. - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.47784
Exploits: 1 | References: 2

Tenable Nessus
added 2023/11/22 12:00 a.m. | 30 views

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93179)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93179 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics...

CVSS 7.5 | AI score 7.5 | EPSS 0.00526
Exploits: 0 | References: 2

IBM Security Bulletins
added 2023/11/15 3:49 p.m. | 37 views

Security Bulletin: IBM TRIRIGA Application Platform discloses server-side request forgery (CVE-2020-11988)

Summary: CVE-2020-11988 Apache XML Graphics Commons is vulnerable to server-side request forgery. Vulnerability Details: CVEID: CVE-2020-11988 DESCRIPTION: Apache XML Graphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...

CVSS 8.2 | AI score 6.8 | EPSS 0.00431
Exploits: 0 | Affected Software: 1

Atlassian
added 2023/11/03 12:46 a.m. | 37 views

SSRF org.apache.xmlgraphics in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00526
Exploits: 0

Atlassian
added 2023/11/03 12:46 a.m. | 38 views

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.2 | EPSS 0.47784
Exploits: 1

Atlassian
added 2023/11/03 12:46 a.m. | 36 views

XSS org.apache.xmlgraphics:batik-script in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00541
Exploits: 0

IBM Security Bulletins
added 2023/10/04 10:43 a.m. | 32 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to CVE-2020-11988 Apache XML Graphics Commons

Summary: XML Graphics Commons as used by IBM Jazz Reporting Service is vulnerable. IBM has addressed the relevant CVE. CVE-2020-11988 Vulnerability Details: CVEID: CVE-2020-11988 DESCRIPTION: Apache XML Graphics Commons is vulnerable to server-side request forgery, caused by improper input validatio...

CVSS 8.2 | AI score 7.9 | EPSS 0.00431
Exploits: 0 | Affected Software: 1

GithubExploit
added 2023/08/26 6:45 a.m. | 1822 views

Exploit for CVE-2023-21939

JDK CVE-2023-21939 Article link: https://mp.weixin.qq.com/s?biz=M...

CVSS 5.3 | AI score 6.8 | EPSS 0.01156
Exploits: 1

Veracode
added 2023/08/24 5:40 a.m. | 29 views

Server-Side Request Forgery (SSRF)

Apache XML Graphics Batik is vulnerable to Server-Side Request Forgery (SSRF). An attacker is able to trick the application into loading a malicious SVG file, which could then be used to cause excess resource consumption or make unauthorized requests to other systems...

CVSS 7.1 | AI score 6.9 | EPSS 0.00119
Exploits: 0 | References: 10 | Affected Software: 3

OSV
added 2023/08/22 7:16 p.m. | 7 views

CVE-2022-44730

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

CVSS 4.4 | AI score 5.8
Exploits: 0 | References: 6

OSV
added 2023/08/22 7:16 p.m. | 8 views

CVE-2022-44729

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

CVSS 7.1 | AI score 7.1
Exploits: 0 | References: 6

NVD
added 2023/08/22 7:16 p.m. | 23 views

CVE-2022-44729

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

CVSS 7.1 | AI score 7 | EPSS 0.00119
Exploits: 0 | References: 6

Prion
added 2023/08/22 7:16 p.m. | 25 views

Server side request forgery (ssrf)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

CVSS 3.3 | AI score 5 | EPSS 0.00516
Exploits: 0 | References: 6 | Affected Software: 2

UbuntuCve
added 2023/08/22 7:16 p.m. | 49 views

CVE-2022-44729

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

CVSS 7.1 | AI score 6.8 | EPSS 0.00119
Exploits: 0 | References: 7

Cvelist
added 2023/08/22 2:12 p.m. | 22 views

CVE-2022-44729 Apache XML Graphics Batik: Information disclosure vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

AI score 7.2 | EPSS 0.00119
Exploits: 0 | References: 6