Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6117-1
HistoryMay 30, 2023 - 2:31 p.m.

batik vulnerabilities

2023-05-3014:31:05
Google
osv.dev
17
apache batik
vulnerabilities
remote code execution
file access
cve-2019-17566
cve-2020-11987
cve-2022-38398
cve-2022-38648
cve-2022-40146
cve-2022-41704
cve-2022-42890

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

8

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)

Related

ubuntu 1
openvas 26
nessus 17
amazon 2
mageia 3
gentoo 1
ibm 31
rosalinux 1
osv 18
debian 3
atlassian 7
redos 1
github 7
nvd 7
debiancve 7
veracode 7
fedora 17
redhatcve 7
ubuntucve 7
githubexploit 1
zdi 2
cve 7
cnvd 3
cvelist 7
prion 7
suse 2
ubuntu
ubuntu
Apache Batik vulnerabilities
2023-05-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6117-1)
2023-05-31 00:00:00
Mageia: Security Advisory (MGASA-2024-0068)
2024-03-18 00:00:00
Debian: Security Advisory (DLA-3619-1)
2023-10-16 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
2023-05-30 00:00:00
Amazon Linux 2 : batik (ALAS-2023-1966)
2023-03-07 00:00:00
Amazon Linux AMI : batik (ALAS-2023-1695)
2023-03-07 00:00:00
amazon
amazon
Important: batik
2023-03-02 21:49:00
Important: batik
2023-03-02 20:21:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2024-03-16 19:28:17
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
Updated batik packages fix a security vulnerability
2021-03-17 09:16:07
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
ibm
ibm
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-10-04 10:44:16
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-04-04 21:55:52
Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
2023-09-05 13:23:31
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
osv
osv
batik - security update
2023-10-14 00:00:00
batik - security update
2022-10-29 00:00:00
batik - security update
2022-10-29 00:00:00
debian
debian
[SECURITY] [DLA 3619-1] batik security update
2023-10-14 22:16:33
[SECURITY] [DLA 3169-1] batik security update
2022-10-29 15:13:48
[SECURITY] [DSA 5264-1] batik security update
2022-10-29 21:58:51
atlassian
atlassian
Jira is affected by CVE-2022-42890 &
2023-03-09 00:04:38
SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server
2024-02-14 10:47:23
SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server
2023-11-03 00:46:20
redos
redos
ROS-20221103-03
2022-11-03 00:00:00
github
github
Apache Batik Server-Side Request Forgery
2022-09-23 00:00:39
Apache Batik vulnerable to Server-Side Request Forgery
2022-09-23 00:00:40
Server-side request forgery (SSRF) in Apache Batik
2022-01-06 20:35:54
nvd
nvd
CVE-2022-38398
2022-09-22 15:15:09
CVE-2020-11987
2021-02-24 18:15:11
CVE-2022-38648
2022-09-22 15:15:09
debiancve
debiancve
CVE-2022-38398
2022-09-22 15:15:09
CVE-2022-41704
2022-10-25 17:15:57
CVE-2022-38648
2022-09-22 15:15:09
veracode
veracode
Information Disclosure
2022-10-26 10:11:51
XML External Entity (XXE)
2021-02-25 04:34:00
Server-Side Request Forgery
2022-09-26 12:42:58
fedora
fedora
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
2021-03-19 20:30:31
[SECURITY] Fedora 33 Update: batik-1.14-2.fc33
2021-04-16 14:36:49
[SECURITY] Fedora 32 Update: eclipse-cdt-9.11.1-8.fc32
2020-08-31 15:50:28
redhatcve
redhatcve
CVE-2022-38648
2022-12-20 17:05:08
CVE-2022-40146
2022-12-20 17:05:11
CVE-2022-38398
2022-12-20 17:05:08
ubuntucve
ubuntucve
CVE-2022-40146
2022-09-22 00:00:00
CVE-2020-11987
2021-02-24 00:00:00
CVE-2022-38648
2022-09-22 00:00:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Apache Batik
2022-11-01 03:41:36
zdi
zdi
Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability
2022-10-04 00:00:00
Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability
2022-10-04 00:00:00
cve
cve
CVE-2022-38398
2022-09-22 15:15:09
CVE-2020-11987
2021-02-24 18:15:11
CVE-2022-38648
2022-09-22 15:15:09
cnvd
cnvd
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
2022-09-26 00:00:00
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)
2022-09-26 00:00:00
cvelist
cvelist
CVE-2022-38398 Server-Side Request Forgery Information Disclosure Vulnerability
2022-09-22 00:00:00
CVE-2022-41704 Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input
2022-10-25 00:00:00
CVE-2020-11987
2021-02-24 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-09-22 15:15:00
Server side request forgery (ssrf)
2022-09-22 15:15:00
Server side request forgery (ssrf)
2021-02-24 18:15:00
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

8

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON
Related for OSV:USN-6117-1
ubuntu1openvas26nessus17amazon2mageia3gentoo1ibm31rosalinux1osv18debian3atlassian7redos1github7nvd7debiancve7veracode7fedora17redhatcve7ubuntucve7githubexploit1zdi2cve7cnvd3cvelist7prion7suse2