18 matches found
Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)
Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...
Debian: Security Advisory (DLA-4243-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-4243 : libbatik-java - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4243 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4243-1 [email protected]...
[SECURITY] [DLA 4243-1] batik security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4243-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk July 20, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2022-40146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML...
Mageia: Security Advisory (MGASA-2024-0068)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...
Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93178 advisory. - Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue...
Debian dla-3619 : libbatik-java - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3619-1 [email protected]...
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting ServiceJRS. This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to...
Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary Multiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixe for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 batik-bridge-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of barik-bridge to batik-bridge-1.16.jar .jar...
Ubuntu: Security Advisory (USN-6117-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory. It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perfor...
Amazon Linux 2 : batik (ALAS-2023-1966)
The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the...
CVE-2022-40146
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...
CVE-2022-40146
CVE-2022-40146 is a Server-Side Request Forgery in Apache XML Graphics Batik (version 1.14) that allows an attacker to access files via a Jar URL. Multiple connected advisories confirm the vulnerability and urge upgrading Batik to patched versions; Debian and Gentoo advisories show Batik updates ...
CVE-2022-40146 Jar url should be blocked by DefaultScriptSecurity
Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14...