Lucene search
K

36 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:39 a.m.47 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

9.8CVSS8.4AI score0.24738EPSS
Exploits5Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2019-17566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the xlink:href attributes. By using a specially-crafted...

7.5CVSS6.8AI score0.1074EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.36 views

RHEL 6 : batik (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - batik: XML external entity processing vulnerability CVE-2017-5662 - batik: information disclosure when...

8.2AI score0.19523EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.53 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8CVSS7.2AI score0.19523EPSS
Exploits1References14
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:43 a.m.14 views

Security Bulletin: There is a vulnerability in Apache Batik used by IBM Jazz Reporting Service

Summary There is a vulnerability in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2019-17566 DESCRIPTION: Apache Batik is vulnerable to server-side...

7.5CVSS7.5AI score0.1074EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/05/31 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-6117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.1AI score0.13635EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/05/30 12:0 a.m.41 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory. It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perfor...

8.2CVSS6.9AI score0.13635EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 3:55 p.m.60 views

Security Bulletin: Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM

Summary Multiple vulnerabilities CVE-2009-4521; CVE-2015-0250; CVE-2017-5662; CVE-2018-8013; CVE-2019-17566; CVE-2020-11987; CVE-2009-4269; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2009-4521; CVE-2021-41033 found in TCRtoolkit component present in IBM Tivoli Network Manager...

9.8CVSS10AI score0.19523EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.34 views

Mageia: Security Advisory (MGASA-2021-0168)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS8.1AI score0.13635EPSS
Exploits0References6
OSV
OSV
added 2021/04/02 8:25 p.m.10 views

MGASA-2021-0168 Updated batik packages fix security vulnerabilities

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

8.2CVSS7.7AI score0.13635EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.179 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update

A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.8CVSS8AI score0.95586EPSS
Exploits12References39
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/23 2:50 p.m.25 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server security vulnerability CVE-2019-17566 due to Apache Batik vulnerability has been published in a security bulletin. Vulnerability Detai...

7.5CVSS2AI score0.1074EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/11/12 6:15 p.m.4 views

UBUNTU-CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

7.5CVSS6.9AI score0.1074EPSS
Exploits0References4
CVE
CVE
added 2020/11/12 12:0 a.m.297 views

CVE-2019-17566

CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...

7.5CVSS8.2AI score0.1074EPSS
Exploits0References10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/10 2:5 p.m.41 views

Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to CVE-2019-17566

Summary There is a server-side request forgery vulnerability in the Apache Batik library which is used by WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

7.5CVSS2.6AI score0.1074EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/10/30 12:0 a.m.370 views

IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)

The IBM WebSphere Application Server running on the remote host is version 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.5. It is, therefore, affected by a server-side request forgery vulnerability due to improper input validation by the xlink:href attributes. An...

7.5CVSS6.7AI score0.1074EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/15 5:17 p.m.24 views

Security Bulletin: Vulnerability in Apache Batik library affects IBM Cúram Social Program Management (CVE-2019-17566)

Summary IBM Cúram Social Program Management uses Apache Batik libraries, for which there is a publicly known vulnerability. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. Vulnerability Details CVEID: CVE-2019-17566...

7.5CVSS1.5AI score0.1074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/09 3:12 a.m.48 views

Security Bulletin: A Security Vulnerability Has Been Identified In Apache Batik used by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2019-17566)

Summary A Security Vulnerability Has Been Identified In Apache Batik. IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On is affected by Apache Batik. Information about this security vulnerability affecting IBM WebSphere Application...

7.5CVSS2AI score0.1074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/04 2:44 p.m.29 views

Security Bulletin: A Security Vulnerability in Websphere Application Server Affects Predictive Customer Intelligence (CVE-2019-17566)

Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS2.5AI score0.1074EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2020/09/02 12:0 a.m.22 views

Fedora: Security Advisory for eclipse-remote (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8.7AI score0.1074EPSS
Exploits0References2
Rows per page
Query Builder