Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache batik |
||
oracle api gateway 11.1.2.4.0 |
||
oracle hyperion financial reporting 11.1.2.4 |
||
oracle enterprise repository 11.1.1.7.0 |
||
oracle business intelligence 12.2.1.3.0 |
||
oracle retail order broker 15.0 |
||
oracle retail order broker 16.0 |
||
oracle retail returns management 14.1 |
||
oracle retail point-of-service 14.1 |
||
oracle business intelligence 12.2.1.4.0 |
||
oracle business intelligence 5.5.0.0.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle fusion middleware mapviewer 12.2.1.4.0 |
||
oracle instantis enterprisetrack |
||
oracle communications offline mediation controller 12.0.0.3.0 |
||
oracle retail integration bus 15.0.3 |
||
oracle communications application session controller 3.9m0p2 |
||
oracle hospitality opera 5 5.5 |
||
oracle hospitality opera 5 5.6 |
||
oracle business intelligence 5.9.0.0.0 |
||
oracle retail order management system cloud service 19.5 |
||
oracle jd edwards enterpriseone tools |
||
oracle communications metasolv solution |
||
oracle jd edwards enterpriseone tools 9.2.4.2 |
||
oracle hyperion financial reporting 11.2.5.0 |
Vulmon