4 matches found
Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary: Multiple vulnerabilities have been identified in batik-bridge-1.7.jar, which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details...
ai.tock:tock-shared (>=19.9.4 <=26.3.2), at.austriapro:ebinterface-rendering (>=1.0.0 <=1.0.1) +1499 more potentially affected by CVE-2022-44729 via org.apache.xmlgraphics:batik-bridge (>=1.10 <=1.16)
org.apache.xmlgraphics:batik-bridge MAVEN version =1.10, =19.9.4, =1.0.0, =1.0.7, =0.2.1, =0.5.0, =0.11.1, =0.0.2, =0.0.1, =0.0.1, =25.6.0, =25.11.0 and more Source cves: CVE-2022-44729 Source advisory: OSV:GHSA-GQ5F-XV48-2365...
Information Disclosure
Batik bridge is vulnerable to information disclosure. The vulnerability exists in DefaultScriptSecurity because jars get loaded by default, which allows an attacker to execute arbitrary code on the system...
GHSA-53JM-3HC9-FQQC Apache Batik vulnerable to Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik Bridge versions 1.14 and below...