SUSE CVE-2022-44730

🗓️ 03 Mar 2024 04:45:30Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

CVE-2022-44730 SSRF in Apache Batik 1.16 lets a malicious SVG probe user profile data and send it as a URL parameter.

Reporter	Title	Published	Views	Family All 61
IBM Security Bulletins	Security Bulletin: Multipe vulnerabilities in DITA may affect IBM Business Automation Workflow Case Management docGenerator feature (CVE-2023-2976, CVE-2022-44729, CVE-2022-44730)	12 Dec 202309:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5	30 Apr 202418:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in Batik Jars which are shipped with IBM® Intelligent Operations Center(CVE-2022-44730, CVE-2022-44729)	23 Apr 202418:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	16 Nov 202318:47	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)	2 Oct 202316:54	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)	17 Jan 202420:11	–	ibm
IBM Security Bulletins	Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology	19 Apr 202407:11	–	ibm
IBM Security Bulletins	Security Bulletin: InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.	4 Mar 202607:48	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Asset Management application (CVE-2022-44730 and CVE-2022-44729)	15 Jan 202419:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-44730, CVE-2022-44729)	29 Sep 202311:52	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	xmlgraphics-batik	1.17-1.1	xmlgraphics-batik-1.17-1.1.noarch.rpm
OpenSUSE Leap	15.5	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.5	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	xmlgraphics-batik	1.17-150200.4.7.1	xmlgraphics-batik-1.17-150200.4.7.1.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	xmlgraphics-batik	1.17-2.7.1	xmlgraphics-batik-1.17-2.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.5	any	xmlgraphics-batik	1.17-2.7.1	xmlgraphics-batik-1.17-2.7.1.noarch.rpm
SUSE Linux Enterprise Server	16.0	any	xmlgraphics-batik	1.18-160000.2.2	xmlgraphics-batik-1.18-160000.2.2.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2022-44730
suse	www.suse.com/support/security/rating/
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-March/018100.html
lists	www.lists.suse.com/pipermail/sle-updates/2024-March/034578.html

13 May 2026 15:18Current

8.5High risk

Vulners AI Score8.5

CVSS 3.14.4

EPSS0.00749

server side request forgery apache batik svg attack profile data url parameter