Lucene search
K

479 matches found

Atlassian
Atlassian
added 2024/02/14 10:47 a.m.51 views

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...

7.5CVSS7.3AI score0.0232EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.75 views

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...

7.5CVSS7.2AI score0.05791EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/17 8:11 p.m.28 views

Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)

Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...

7.1CVSS5.4AI score0.00786EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.37 views

Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)

The version of Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory. - Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This...

7.1CVSS6.7AI score0.00786EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/15 7:22 p.m.34 views

Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Asset Management application (CVE-2022-44730 and CVE-2022-44729)

Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially...

7.1CVSS5.3AI score0.00786EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.53 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8CVSS7.2AI score0.19523EPSS
Exploits1References14
Gentoo Linux
Gentoo Linux
added 2024/01/07 12:0 a.m.43 views

Apache Batik: Multiple Vulnerabilities

Background Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as display, generation or manipulation. Description Multiple vulnerabilities have been discovered in Apache Batik. Please revie...

9.8CVSS7.7AI score0.19523EPSS
Exploits1
Atlassian
Atlassian
added 2023/12/13 7:45 a.m.45 views

SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...

7.1CVSS6.9AI score0.00786EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/12 9:49 a.m.28 views

Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)

Summary IBM Business Automation Workflow provides a feature for generating "solution description documents" building upon an open source framework DITA. Vulnerabilities have been reported for open-source libraries repackaged by DITA. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google...

7.1CVSS6.2AI score0.00786EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/23 12:0 a.m.28 views

Atlassian Confluence 7.13 / 7.19.x < 7.19.16 (CONFSERVER-93175)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93175 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache X...

7.5CVSS7.6AI score0.0232EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.6 views

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Apache Batik SVG-image processing library lies in insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information or cause service failures...

7.1CVSS6.6AI score0.00786EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.4 views

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to perform an SSRF attack.

The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to execute an SSRF attack...

4.4CVSS6.6AI score0.00749EPSS
Exploits0References7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 6:47 p.m.70 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

7.8CVSS8.4AI score0.05794EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2023/11/03 12:46 a.m.42 views

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

7.5CVSS7.2AI score0.05791EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/10/16 12:0 a.m.31 views

Debian: Security Advisory (DLA-3619-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.9AI score0.13635EPSS
Exploits1References4
Debian
Debian
added 2023/10/14 10:16 p.m.32 views

[SECURITY] [DLA 3619-1] batik security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 14, 2023 https://wiki.debian.org/LTS -...

8.2CVSS7.6AI score0.13635EPSS
Exploits1
OSV
OSV
added 2023/10/14 12:0 a.m.31 views

DLA-3619-1 batik - security update

Bulletin has no description...

8.2CVSS6.5AI score0.13635EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/10/14 12:0 a.m.31 views

Debian dla-3619 : libbatik-java - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...

8.2CVSS6.8AI score0.13635EPSS
Exploits1References14
Rosalinux
Rosalinux
added 2023/10/10 8:57 a.m.45 views

Advisory ROSA-SA-2023-2239

software: batik 1.11 WASP: ROSA-CHROME packageevrstring: batik-1.11-3.src.rpm CVE-ID: CVE-2019-17566 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Apache Batik is vulnerable to server-side request forgery caused by improper input validation using "xlink:href" attributes. Using a specially crafted...

7.5CVSS7.4AI score0.1074EPSS
Exploits0
Rows per page
Query Builder