Lucene search

XML External Entity (XXE) Injection

🗓️ 13 Apr 2017 02:52:00Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 22 Views

Apache Batik vulnerable to XML External Entity (XXE) Injectio

Reporter	Title	Published	Views	Family All 66
IBM Security Bulletins	Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)	5 Feb 202000:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)	20 Jul 201814:44	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is vulnerable to Open Source Apache Batik vulnerability (CVE-2015-0250)	20 Dec 201916:09	–	ibm
IBM Security Bulletins	Security Bulletin: Order Management is subject to an Apache Batik vulnerability and could allow a remote attacker to obtain sensitive information.	12 Apr 202417:40	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Batik vulnerability affects Rational Developer for System z (CVE-2015-0250)	27 Oct 202016:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains vulnerable components. (CVE-2015-0250)	16 Jun 201822:06	–	ibm
IBM Security Bulletins	Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-20215-0250	30 Aug 202216:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-8013, CVE-2017-5662, CVE-2015-0250)	5 Sep 202308:40	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar (Publicly disclosed vulnerability found by WhiteSource)	13 Jul 202310:54	–	ibm

Vulners

Node

-batik-domMatch1.7

-batik-domMatch1.6.1

-batik_domRange≤1.6-1

Source	Link
seclists	www.seclists.org/fulldisclosure/2015/Mar/142
github	www.github.com/apache/batik/commit/1e12686194370b22420da705d71af66161affa33
xmlgraphics	www.xmlgraphics.apache.org/security.html
issues	www.issues.apache.org/jira/browse/BATIK-1018
securitytracker	www.securitytracker.com/id/1032781
securitytracker	www.securitytracker.com/id/1032781
debian	www.debian.org/security/2015/dsa-3205
debian	www.debian.org/security/2015/dsa-3205
advisories	www.advisories.mageia.org/MGASA-2015-0138.html
advisories	www.advisories.mageia.org/MGASA-2015-0138.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Apr 2017 02:00Current

8.2High risk

Vulners AI Score8.2

EPSS0.28541