Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache xml graphics batik vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in so...
Apache Xml Graphics Batik
Debian Debian Linux 10.0
NA
CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
Apache Xml Graphics Batik
Debian Debian Linux 10.0
NA
CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an malicious user to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics before 1.16. Users are recommended to upgrade to version 1.16.
Apache Batik
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-41704
A vulnerability in Batik of Apache XML Graphics allows an malicious user to run untrusted Java code from an SVG. This issue affects Apache XML Graphics before 1.16. It is recommended to update to version 1.16.
Apache Batik
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
NA
CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
NA
CVE-2022-40146
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an malicious user to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
Apache Batik 1.14
Debian Debian Linux 10.0
570
VMScore
CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache Batik
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Enterprise Repository 11.1.1.7.0
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Retail Point-of-service 14.1
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Communications Metasolv Solution 6.3.0
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Weblogic Server 12.2.1.4.0
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
1 Github repository
445
VMScore
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET reques...
Apache Batik
Oracle Api Gateway 11.1.2.4.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Enterprise Repository 11.1.1.7.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Point-of-service 14.1
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
Oracle Instantis Enterprisetrack
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Retail Integration Bus 15.0.3
Oracle Communications Application Session Controller 3.9m0p2
Oracle Hospitality Opera 5 5.5
Oracle Hospitality Opera 5 5.6
Oracle Business Intelligence 5.9.0.0.0
Oracle Retail Order Management System Cloud Service 19.5
Oracle Jd Edwards Enterpriseone Tools
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started