Lucene search

IBMED8F8307E017F0B5E99D75B0A0278941C71E34AEAB269BE8FE00779D7C4262C4

HistoryMay 02, 2023 - 7:45 a.m.

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

2023-05-0207:45:16

www.ibm.com

ibm engineering test management

batik library

ssrf

vulnerabilities

upgrade

version 7.0.1

version 7.0.2

fix central

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.9%

JSON

Summary

This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases

Vulnerability Details

CVEID:CVE-2022-38648
**DESCRIPTION:**Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236846 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2022-40146
**DESCRIPTION:**Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236847 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-38398
**DESCRIPTION:**Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236845 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
ETM	7.0.1
ETM	7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of batik-all library.

Suggested :

Download and apply ETM 7.0.1 iFix22 from Fix Central here

Engineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix22 from Fix Central here

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmengineering_test_managementMatch7.0.2

ibmengineering_test_managementMatch7.0.1

VendorProductVersionCPE
ibmengineering_test_management7.0.2cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*
ibmengineering_test_management7.0.1cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	engineering_test_management	7.0.2	cpe:2.3:a:ibm:engineering_test_management:7.0.2:::::::*
ibm	engineering_test_management	7.0.1	cpe:2.3:a:ibm:engineering_test_management:7.0.1:::::::*