Lucene search

19 matches found

IBM Security Bulletins
added 2025/03/26 3:39 a.m., 45 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

9.8 CVSS, 8.4 AI score, 0.24738 EPSS
Exploits: 5, Affected Software: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2018-8013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use...

9.8 CVSS, 8.1 AI score, 0.19523 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m., 30 views

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

9.8 CVSS, 9.2 AI score, 0.19523 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2024/05/11 12:0 a.m., 36 views

RHEL 6 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

8.2 AI score, 0.19523 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2024/05/11 12:0 a.m., 38 views

RHEL 7 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

8.2 AI score, 0.19523 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2024/01/09 12:0 a.m., 53 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8 CVSS, 7.2 AI score, 0.19523 EPSS
Exploits: 1, References: 14

IBM Security Bulletins
added 2023/09/05 8:40 a.m., 39 views

Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)

Summary Multiple vulnerabilities have been identified in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

9.8 CVSS, 9.3 AI score, 0.19523 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2023/07/13 10:54 a.m., 34 views

Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar (Publicly disclosed vulnerability found by WhiteSource)

Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded version of batik-dom to batik-dom-1.16.jar Vulnerability Details...

9.8 CVSS, 8.6 AI score, 0.19523 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2023/01/04 3:55 p.m., 60 views

Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM

Summary Multiple vulnerabilities CVE-2009-4521; CVE-2015-0250; CVE-2017-5662; CVE-2018-8013; CVE-2019-17566; CVE-2020-11987; CVE-2009-4269; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2021-41033 found in TCRtoolkit component present in IBM Tivoli Network Manager...

9.8 CVSS, 10 AI score, 0.19523 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2022/08/30 4:36 p.m., 54 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2015-0250

Summary IBM TRIRIGA Application Platform discloses CVE-2015-0250 Vulnerability Details CVEID:CVE-2015-0250 DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this...

9.8 CVSS, 8.7 AI score, 0.19523 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/12/08 4:20 p.m., 39 views

Security Bulletin: Older version of common Open Source: batik-dom-1.9.1.jar found in the MaximoForgeViewerPlugIn which is shipped with IBM Maximo for Civil Infrastructure

Summary There is an older version of common Open Source: batik-dom-1.9.1.jar found in the Maximo data loader which is shipped with IBM Maximo for Civil Infrastructure. In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream a...

9.8 CVSS, 0.7 AI score, 0.19523 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2019/01/03 12:0 a.m., 34 views

Fedora 28 : batik (2018-168af81706)

Security fix for CVE-2018-8013. Updated to upstream release 1.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8 CVSS, 8.2 AI score, 0.19523 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2018/12/07 2:30 p.m., 33 views

Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Summary IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not been checked during the deserialization process of the subclass of AbstractDocument. Fix has been put in place to check the class type before...

9.8 CVSS, 0.6 AI score, 0.19523 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2018/06/11 12:0 a.m., 33 views

Fedora 27 : batik (2018-79792e0c64)

Security fix for CVE-2018-8013. Updated to upstream release 1.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8 CVSS, 8.2 AI score, 0.19523 EPSS
Exploits: 0, References: 2

Debian
added 2018/06/02 8:13 a.m., 38 views

[SECURITY] [DSA 4215-1] batik security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4215-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq -...

7.9 CVSS, 2 AI score, 0.19523 EPSS
Exploits: 0

Debian
added 2018/06/02 8:13 a.m., 34 views

[SECURITY] [DSA 4215-1] batik security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4215-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq -...

9.8 CVSS, 9.2 AI score, 0.19523 EPSS
Exploits: 0

Tenable Nessus
added 2018/05/30 12:0 a.m., 33 views

Ubuntu 14.04 LTS : Batik vulnerability (USN-3661-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3661-1 advisory. It was discovered that Batik incorrectly handled certain XML. An attacker could possibly use this to expose sensitive information. Tenable has extracted the...

9.8 CVSS, 8.3 AI score, 0.19523 EPSS
Exploits: 0, References: 2

NVD
added 2018/05/24 4:29 p.m., 19 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

9.8 CVSS, 8.4 AI score, 0.19523 EPSS
Exploits: 0, References: 17

CVE
added 2018/05/24 4:0 p.m., 189 views

CVE-2018-8013

Apache Batik 1.x before 1.10 is vulnerable to information disclosure via deserializing a subclass of AbstractDocument, where inputStream-derived class name is used to invoke a no-arg constructor. The fix is to validate the class type before newInstance during deserialization; remediation is to up...

9.8 CVSS, 8.6 AI score, 0.19523 EPSS
Exploits: 0, References: 17, Affected Software: 1