Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6117-1
HistoryMay 30, 2023 - 12:00 a.m.

Apache Batik vulnerabilities

2023-05-3000:00:00
ubuntu.com
27

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

Releases

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • batik - SVG Library

Details

It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.10noarchlibbatik-java< 1.14-2ubuntu0.1UNKNOWN
Ubuntu22.04noarchlibbatik-java< 1.14-1ubuntu0.2UNKNOWN
Ubuntu20.04noarchlibbatik-java< 1.12-1ubuntu0.1UNKNOWN
Ubuntu18.04noarchlibbatik-java< 1.10-2~18.04.1UNKNOWN
Ubuntu16.04noarchlibbatik-java< 1.8-3ubuntu1+esm1UNKNOWN
Ubuntu16.04noarchlibbatik-java< 1.8-3ubuntu1UNKNOWN
Ubuntu14.04noarchlibbatik-java< 1.7.ubuntu-8ubuntu2.14.04.3+esm1UNKNOWN
Ubuntu14.04noarchlibbatik-java< 1.7.ubuntu-8ubuntu2.14.04.3UNKNOWN

Related

osv 18
openvas 25
nessus 20
amazon 2
mageia 3
gentoo 1
ibm 42
rosalinux 1
debian 3
atlassian 7
redos 1
veracode 7
github 7
debiancve 7
prion 7
fedora 17
ubuntucve 7
cve 7
redhatcve 7
zdi 2
cnvd 3
githubexploit 1
suse 2
redhat 2
osv
osv
batik vulnerabilities
2023-05-30 14:31:05
batik - security update
2023-10-14 00:00:00
batik - security update
2022-10-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6117-1)
2023-05-31 00:00:00
Mageia: Security Advisory (MGASA-2024-0068)
2024-03-18 00:00:00
Debian: Security Advisory (DLA-3619-1)
2023-10-16 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
2023-05-30 00:00:00
Amazon Linux AMI : batik (ALAS-2023-1695)
2023-03-07 00:00:00
Amazon Linux 2 : batik (ALAS-2023-1966)
2023-03-07 00:00:00
amazon
amazon
Important: batik
2023-03-02 21:49:00
Important: batik
2023-03-02 20:21:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2024-03-16 19:28:17
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
Updated batik packages fix a security vulnerability
2021-03-17 09:16:07
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
ibm
ibm
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-10-04 10:44:16
Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)
2023-05-02 07:45:16
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-04-05 15:03:48
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
debian
debian
[SECURITY] [DLA 3619-1] batik security update
2023-10-14 22:16:33
[SECURITY] [DSA 5264-1] batik security update
2022-10-29 21:58:51
[SECURITY] [DLA 3169-1] batik security update
2022-10-29 15:13:48
atlassian
atlassian
Jira is affected by CVE-2022-42890 &
2023-03-09 00:04:38
SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
2024-02-14 10:47:23
SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server
2023-11-03 00:46:20
redos
redos
ROS-20221103-03
2022-11-03 00:00:00
veracode
veracode
Information Disclosure
2022-10-26 10:11:51
XML External Entity (XXE)
2021-02-25 04:34:00
Server-Side Request Forgery
2022-09-26 12:42:58
github
github
Apache Batik Server-Side Request Forgery
2022-09-23 00:00:39
Untrusted code execution in Apache XML Graphics Batik
2022-10-25 19:00:29
Server-side request forgery (SSRF) in Apache Batik
2022-01-06 20:35:54
debiancve
debiancve
CVE-2022-38398
2022-09-22 15:15:00
CVE-2022-41704
2022-10-25 17:15:00
CVE-2022-40146
2022-09-22 15:15:00
prion
prion
Code injection
2022-10-25 17:15:00
Server side request forgery (ssrf)
2021-02-24 18:15:00
Server side request forgery (ssrf)
2022-09-22 15:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
2021-03-19 20:30:31
[SECURITY] Fedora 33 Update: batik-1.14-2.fc33
2021-04-16 14:36:49
[SECURITY] Fedora 32 Update: eclipse-cdt-9.11.1-8.fc32
2020-08-31 15:50:28
ubuntucve
ubuntucve
CVE-2020-11987
2021-02-24 00:00:00
CVE-2022-40146
2022-09-22 00:00:00
CVE-2022-38398
2022-09-22 00:00:00
cve
cve
CVE-2022-38398
2022-09-22 15:15:00
CVE-2020-11987
2021-02-24 18:15:00
CVE-2022-40146
2022-09-22 15:15:00
redhatcve
redhatcve
CVE-2022-38398
2022-12-20 17:05:08
CVE-2020-11987
2021-03-01 19:03:16
CVE-2022-38648
2022-12-20 17:05:08
zdi
zdi
Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability
2022-10-04 00:00:00
Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability
2022-10-04 00:00:00
cnvd
cnvd
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)
2022-09-26 00:00:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Apache Batik
2022-11-01 03:41:36
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
redhat
redhat
(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update
2023-06-29 20:05:32
(RHSA-2023:2100) Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update
2023-05-03 14:03:49

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for USN-6117-1
osv18openvas25nessus20amazon2mageia3gentoo1ibm42rosalinux1debian3atlassian7redos1veracode7github7debiancve7prion7fedora17ubuntucve7cve7redhatcve7zdi2cnvd3githubexploit1suse2redhat2