479 matches found
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...
Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)
Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...
Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)
The version of Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory. - Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This...
Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Asset Management application (CVE-2022-44730 and CVE-2022-44729)
Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially...
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...
Apache Batik: Multiple Vulnerabilities
Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...
SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...
Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)
Summary IBM Business Automation Workflow provides a feature for generating "solution description documents" building upon an open source framework DITA. Vulnerabilities have been reported for open-source libraries repackaged by DITA. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google...
Atlassian Confluence 7.13 / 7.19.x < 7.19.16 (CONFSERVER-93175)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93175 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache X...
The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Apache Batik SVG-image processing library lies in insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information or cause service failures...
The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to perform an SSRF attack.
The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to execute an SSRF attack...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...
SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...
Debian: Security Advisory (DLA-3619-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3619-1] batik security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 14, 2023 https://wiki.debian.org/LTS -...
DLA-3619-1 batik - security update
Bulletin has no description...
Debian dla-3619 : libbatik-java - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...
Advisory ROSA-SA-2023-2239
software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...