Lucene search
K

18 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 2:19 p.m.6 views

Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)

Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...

7.5CVSS6.7AI score0.05791EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2025/07/21 12:0 a.m.5 views

Debian: Security Advisory (DLA-4243-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7AI score0.13635EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/21 12:0 a.m.6 views

Debian dla-4243 : libbatik-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4243 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4243-1 [email protected]...

8.2CVSS6.8AI score0.13635EPSS
Exploits1References10
Debian
Debian
added 2025/07/20 8:43 p.m.7 views

[SECURITY] [DLA 4243-1] batik security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4243-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk July 20, 2025 https://wiki.debian.org/LTS -...

8.2CVSS7.6AI score0.13635EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-40146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML...

7.5CVSS7.1AI score0.05791EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2024-0068)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.05791EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.53 views

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

9.8CVSS7.2AI score0.19523EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2023/11/22 12:0 a.m.32 views

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93178 advisory. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue...

7.5CVSS7.5AI score0.05791EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/10/14 12:0 a.m.32 views

Debian dla-3619 : libbatik-java - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...

8.2CVSS6.8AI score0.13635EPSS
Exploits1References14
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:44 a.m.36 views

Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Summary There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to...

7.5CVSS6.4AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:23 p.m.42 views

Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Summary Multiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS6.7AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/13 10:57 a.m.44 views

Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixe for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)

Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 batik-bridge-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of barik-bridge to batik-bridge-1.16.jar .jar...

7.5CVSS6AI score0.05791EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2023/05/31 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-6117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.1AI score0.13635EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/05/30 12:0 a.m.41 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory. It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perfor...

8.2CVSS6.9AI score0.13635EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/03/07 12:0 a.m.61 views

Amazon Linux 2 : batik (ALAS-2023-1966)

The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the...

8.2CVSS7AI score0.13635EPSS
Exploits1References14
NVD
NVD
added 2022/09/22 3:15 p.m.21 views

CVE-2022-40146

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...

7.5CVSS0.05791EPSS
Exploits1References4
CVE
CVE
added 2022/09/22 12:0 a.m.213 views

CVE-2022-40146

CVE-2022-40146 is a Server-Side Request Forgery in Apache XML Graphics Batik (version 1.14) that allows an attacker to access files via a Jar URL. Multiple connected advisories confirm the vulnerability and urge upgrading Batik to patched versions; Debian and Gentoo advisories show Batik updates ...

7.5CVSS7.4AI score0.05791EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/09/22 12:0 a.m.24 views

CVE-2022-40146 Jar url should be blocked by DefaultScriptSecurity

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...

7.9AI score0.05791EPSS
Exploits1References3
Rows per page
Query Builder