19 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG file...
RHEL 7 : batik (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
RHEL 6 : batik (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
RHEL 7 : batik (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...
Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)
Summary Multiple vulnerabilities have been identified in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar (Publicly disclosed vulnerability found by WhiteSource)
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of batik-dom to batik-dom-1.16.jar Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM
Summary Multiple vulnerabilities CVE-2009-4521; CVE-2015-0250; CVE-2017-5662; CVE-2018-8013; CVE-2019-17566; CVE-2020-11987; CVE-2009-4269; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2021-41033 found in TCRtoolkit component present in IBM Tivoli Network Manager...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-20215-0250
Summary IBM TRIRIGA Application Platform discloses CVE-2015-0250 Vulnerability Details CVEID:CVE-2015-0250 DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this...
Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662)
Summary Apache Batik used by IBM Maximo Asset Management could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By using a specially-crafted SVG file, a remote attacker could exploit this vulnerability to...
Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2017-5662)
Summary IBM Cúram Social Program Management uses the Apache Batik Library. Apache Batik could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. Vulnerability Details CVEID: CVE-2017-5662 DESCRIPTION: Apache...
[SECURITY] [DSA 4215-1] batik security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4215-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4215-1] batik security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4215-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R6 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.5 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Fedora 26 : batik (2017-7a5f625013)
Update to upstream version 1.9. Fixes CVE-2017-5662. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 25 : batik (2017-43b46cd2da)
Security fix for CVE-2017-5662 ---- Add missing requires on xmlgraphics-commons Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 24 : batik (2017-aff3dd3101)
Security fix for CVE-2017-5662 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
[SECURITY] [DLA 926-1] batik security update
Package : batik Version : 1.7+dfsg-3+deb7u2 CVE ID : CVE-2017-5662 Debian Bug : 860566 In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the...
CVE-2017-5662
CVE-2017-5662 affects Apache Batik before 1.9, exposing files on the server when processing adversarial SVGs. Root context could lead to full server compromise; XXE can trigger DoS amplification. Connected docs confirm Batik-related exploits/SSRF risks and list affected platforms (e.g., Batik =1....