CVE-2019-17566 (GCVE-0-2019-17566)
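Vulnerability from cvelistv5 – Published: 2020-11-12 00:00 – Updated: 2024-08-05 01:40
Problem type: Information Disclosure (CNA-supplied label; the record's description and the NVD weakness entry, CWE-918, describe server-side request forgery)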
| Vendor | Product | Version |
|---|---|---|
| n/a | Apache Batik | Affected: Apache Batik 1.12 and older |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[myfaces-commits] 20201120 [myfaces-tobago] branch tobago-2.x updated: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 21/22: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Batik",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Batik 1.12 and older"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:06:15.441Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[myfaces-commits] 20201120 [myfaces-tobago] branch tobago-2.x updated: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 21/22: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202401-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-17566",
"datePublished": "2020-11-12T00:00:00.000Z",
"dateReserved": "2019-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:15.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-17566",
"date": "2026-05-29",
"epss": "0.00815",
"percentile": "0.74595"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-17566\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-11-12T18:15:12.567\",\"lastModified\":\"2024-11-21T04:32:32.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \\\"xlink:href\\\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.\"},{\"lang\":\"es\",\"value\":\"Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobaci\u00f3n inapropiada de la entrada por parte de los atributos \\\"xlink:href\\\".\u0026#xa0;Al utilizar un argumento especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para causar que el servidor subyacente realice peticiones GET arbitrarias\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPri
vilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.13\",\"matchCriteriaId\":\"8A950107-C093-47B9-81A8-0EB3BEF2671E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D40AD626-B23A-44A3-A6C0-1FFB4D647AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B602F9E8-1580-436C-A26D-6E6F8121A583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"77C3DD16-1D81-40E1-B312-50FBD275507C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"81DAC8C0-D342-44B5-9432-6B88D389584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"307AD099-8DCA-41D2-A2E8-B54C8963D820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_metasolv_solution:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.1\",\"matchCriteriaId\":\"C55B9382-6FFE-46DF-AD75-16FABFA37229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49ACFC73-A509-4D1C-8FC3-F68F495AB055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:o
racle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"021014B2-DC51-481C-BCFE-5857EFBDEDDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA86EF7E-6162-4244-9C88-7AF5CAB787E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1817C30-7B0B-441A-9567-B8DD7C6E646C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D6A426-B914-401F-9AB0-5F5E3A3FE138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6675A3-684B-4486-A451-C6688F1C821B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B321C982-EB68-4160-95DB-590CF8BB6727\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndIncluding\":\"17.3\",\"matchCriteriaId\":\"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.4.0\",\"matchCriteriaId\":\"D47FCCD9-73F5-4BBC-9456-EED314AFC3C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB4E4AF-DD15-470D-B437-5913BFFD97E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA800332-C6B9-4F05-9FB0-72C1040AAFD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:
oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0C02FB5-59A0-43BC-B3DA-2BB1A1BE5CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://xmlgraphics.apache.org/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://xmlgraphics.apache.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., Novell Inc., Red Hat Inc., Apache Software Foundation, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.1.2.4.0 (API Gateway), 11.1.1.7.0 (Enterprise Repository), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 15.0 (Oracle Retail Order Broker), 16.0 (Oracle Retail Order Broker), 17.1 (Instantis EnterpriseTrack), 17.2 (Instantis EnterpriseTrack), 17.3 (Instantis EnterpriseTrack), 7 (Red Hat JBoss Fuse), 15.1 (OpenSUSE Leap), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 5.5 (Hospitality Opera 5), 7 (Red Hat Descision Manager), 6.3.0 (Communications MetaSolv Solution), \u043e\u0442 8.0.6 \u0434\u043e 8.1.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Financial Services Analytical Applications Infrastructure), 12.2.1.4.0 (Fusion Middleware MapViewer), 7 (Red Hat Process Automation), 15.0.3 (Retail Integration Bus), 3.9m0p2 (Communications Application Session Controller), 6.3.1 (Communications MetaSolv Solution), \u0434\u043e 1.13 (Batik), 5.6 (Hospitality Opera 5), \u0434\u043e 9.2.4.0 (JD Edwards EnterpriseOne Tools), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache:\nhttps://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommit.myfaces.apache.org%3E \nhttps://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommit.myfaces.apache.org%3E \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\nhttps://www.oracle.com/security-alerts/cpujan2021.htm\nlhttps://www.oracle.com/security-alerts/cpuapr2021.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat.:\nhttps://access.redhat.com/security/cve/cve-2019-17566\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-17566/\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f batik \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.8-4+deb9u2",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.03.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-17566",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "API Gateway, Enterprise Repository, SUSE Linux Enterprise Software Development Kit, Oracle Retail Order Broker, Instantis EnterpriseTrack, Red Hat JBoss Fuse, OpenSUSE Leap, Hospitality Opera 5, Red Hat Descision Manager, Communications MetaSolv Solution, Financial Services Analytical Applications Infrastructure, Fusion Middleware MapViewer, Red Hat Process Automation, Retail Integration Bus, Communications Application Session Controller, Batik, JD Edwards EnterpriseOne Tools, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.1 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 SVG-\u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Apache Batik, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u0445 \u00abxlink: href\u00bb, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352), \u0421\u0435\u0440\u0432\u0435\u0440\u043d\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-918)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 SVG-\u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Apache Batik \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u0445 \u00abxlink: href\u00bb. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c CSRF-\u0430\u0442\u0430\u043a\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 GET",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommit.myfaces.apache.org%3E \nhttps://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommit.myfaces.apache.org%3E \nhttps://www.oracle.com/security-alerts/cpujan2021.html\nhttps://access.redhat.com/security/cve/cve-2019-17566\nhttps://www.suse.com/security/cve/CVE-2019-17566/\nhttps://www.oracle.com/security-alerts/cpuapr2021.html\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352, CWE-918",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2020-AVI-531
Vulnerability from certfr_avis - Published: 2020-08-26 - Updated: 2020-08-26
Une vulnérabilité a été découverte dans IBM WebSphere. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.17, sans le correctif de sécurité PH26761, ou 8.5.5.18 (disponible au troisième trimestre 2020) |
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.4, sans le correctif de sécurité PH26761, ou 9.0.5.5 (disponible au troisième trimestre 2020) |
| IBM | WebSphere | WebSphere Application Server versions 8.0.x antérieures à 8.0.0.15 sans le correctif de sécurité PH26761 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.17, sans le correctif de s\u00e9curit\u00e9 PH26761, ou 8.5.5.18 (disponible au troisi\u00e8me trimestre 2020)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.4, sans le correctif de s\u00e9curit\u00e9 PH26761, ou 9.0.5.5 (disponible au troisi\u00e8me trimestre 2020)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.0.15 sans le correctif de s\u00e9curit\u00e9 PH26761",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
}
],
"initial_release_date": "2020-08-26T00:00:00",
"last_revision_date": "2020-08-26T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-531",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM WebSphere. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6322683 du 25 ao\u00fbt 2020",
"url": "https://www.ibm.com/support/pages/node/6322683"
}
]
}
CERTFR-2020-AVI-677
Vulnerability from certfr_avis - Published: 2020-10-23 - Updated: 2020-10-23
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Monitoring version 6.3.0",
"product": {
"name": "Tivoli Monitoring",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli System Automation Application Manager 4.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli System Automation pour Multiplatforms 4.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Enterprise Content Management System Monitor version 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4449"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-4578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4578"
},
{
"name": "CVE-2019-4473",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4473"
},
{
"name": "CVE-2019-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11771"
},
{
"name": "CVE-2020-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4329"
},
{
"name": "CVE-2020-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4362"
},
{
"name": "CVE-2019-4720",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4720"
},
{
"name": "CVE-2020-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4534"
},
{
"name": "CVE-2020-4464",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4464"
},
{
"name": "CVE-2020-4365",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4365"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2020-4643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4643"
},
{
"name": "CVE-2020-4276",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4276"
}
],
"initial_release_date": "2020-10-23T00:00:00",
"last_revision_date": "2020-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-677",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6351367 du 21 octobre 2020",
"url": "https://www.ibm.com/support/pages/node/6351367"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6351365 du 21 octobre 2020",
"url": "https://www.ibm.com/support/pages/node/6351365"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6351391 du 22 octobre 2020",
"url": "https://www.ibm.com/support/pages/node/6351391"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6351443 du 22 octobre 2020",
"url": "https://www.ibm.com/support/pages/node/6351443"
}
]
}
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.apache.org/
| Name | Apache Apache XML Graphics Batik |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-17566",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
}
},
"description": "Apache XML Graphics Batik\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eJava\u7684\u4e3b\u8981\u7528\u4e8e\u5904\u7406SVG\u683c\u5f0f\u56fe\u50cf\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\n\nApache XML Graphics Batik\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e95\u5c42\u670d\u52a1\u5668\u53d1\u51fa\u4efb\u610fGET\u8bf7\u6c42\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.apache.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-44096",
"openTime": "2020-08-04",
"patchDescription": "Apache XML Graphics Batik\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eJava\u7684\u4e3b\u8981\u7528\u4e8e\u5904\u7406SVG\u683c\u5f0f\u56fe\u50cf\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nApache XML Graphics Batik\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e95\u5c42\u670d\u52a1\u5668\u53d1\u51fa\u4efb\u610fGET\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache XML Graphics Batik\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache Apache XML Graphics Batik"
},
"referenceLink": "https://vigilance.fr/vulnerability/Apache-XML-Graphics-Batik-information-disclosure-via-SSRF-32600",
"serverity": "\u4e2d",
"submitTime": "2020-06-24",
"title": "Apache XML Graphics Batik\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
FKIE_CVE-2019-17566
Vulnerability from fkie_nvd - Published: 2020-11-12 18:15 - Updated: 2024-11-21 04:32
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A950107-C093-47B9-81A8-0EB3BEF2671E",
"versionEndExcluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*",
"matchCriteriaId": "307AD099-8DCA-41D2-A2E8-B54C8963D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55B9382-6FFE-46DF-AD75-16FABFA37229",
"versionEndIncluding": "6.3.1",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1817C30-7B0B-441A-9567-B8DD7C6E646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6675A3-684B-4486-A451-C6688F1C821B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B321C982-EB68-4160-95DB-590CF8BB6727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464",
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47FCCD9-73F5-4BBC-9456-EED314AFC3C6",
"versionEndExcluding": "9.2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB4E4AF-DD15-470D-B437-5913BFFD97E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C02FB5-59A0-43BC-B3DA-2BB1A1BE5CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
},
{
"lang": "es",
"value": "Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobaci\u00f3n inapropiada de la entrada por parte de los atributos \"xlink:href\".\u0026#xa0;Al utilizar un argumento especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para causar que el servidor subyacente realice peticiones GET arbitrarias"
}
],
"id": "CVE-2019-17566",
"lastModified": "2024-11-21T04:32:32.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T18:15:12.567",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CMX4-P4V5-HMR5
Vulnerability from github – Published: 2022-02-09 00:46 – Updated: 2022-02-08 22:03
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.xmlgraphics:batik"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-17566"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-31T20:43:02Z",
"nvd_published_at": "2020-11-12T18:15:00Z",
"severity": "HIGH"
},
"details": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GHSA-cmx4-p4v5-hmr5",
"modified": "2022-02-08T22:03:08Z",
"published": "2022-02-09T00:46:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
},
{
"type": "WEB",
"url": "https://github.com/apache/xmlgraphics-batik/commit/bc6078ca949039e2076cd08b4cb169c84c1179b1"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/xmlgraphics-batik"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/BATIK-1276"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server-side request forgery (SSRF) in Apache Batik"
}
GSD-2019-17566
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2019-17566",
"description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GSD-2019-17566",
"references": [
"https://www.suse.com/security/cve/CVE-2019-17566.html",
"https://access.redhat.com/errata/RHSA-2020:5568",
"https://access.redhat.com/errata/RHSA-2020:4961",
"https://access.redhat.com/errata/RHSA-2020:4960",
"https://advisories.mageia.org/CVE-2019-17566.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-17566"
],
"details": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"id": "GSD-2019-17566",
"modified": "2023-12-13T01:23:44.552671Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-17566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Batik",
"version": {
"version_data": [
{
"version_value": "Apache Batik 1.12 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xmlgraphics.apache.org/security.html",
"refsource": "MISC",
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name": "[myfaces-commits] 20201120 [myfaces-tobago] branch tobago-2.x updated: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 21/22: Update batik dependency from 1.9 to 1.13, because of CVE-2019-17566",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202401-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202401-11"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.13)",
"affected_versions": "All versions before 1.13",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-918",
"CWE-937"
],
"date": "2023-06-14",
"description": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"fixed_versions": [
"1.13"
],
"identifier": "CVE-2019-17566",
"identifiers": [
"GHSA-cmx4-p4v5-hmr5",
"CVE-2019-17566"
],
"not_impacted": "All versions starting from 1.13",
"package_slug": "maven/org.apache.xmlgraphics/batik-svgrasterizer",
"pubdate": "2022-02-09",
"solution": "Upgrade to version 1.13 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"https://github.com/apache/xmlgraphics-batik/commit/bc6078ca949039e2076cd08b4cb169c84c1179b1",
"https://issues.apache.org/jira/browse/BATIK-1276",
"https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E",
"https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://xmlgraphics.apache.org/security.html",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://github.com/advisories/GHSA-cmx4-p4v5-hmr5"
],
"uuid": "46e08da5-c947-4fc7-9859-6db365874a60"
},
{
"affected_range": "(,0)",
"affected_versions": "All versions before 1.13",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-918",
"CWE-937"
],
"date": "2023-06-14",
"description": "This advisory has been moved to `batik-svgrasterizer`.",
"fixed_versions": [
"1.13"
],
"identifier": "CVE-2019-17566",
"identifiers": [
"GHSA-cmx4-p4v5-hmr5",
"CVE-2019-17566"
],
"not_impacted": "All versions starting from 1.13",
"package_slug": "maven/org.apache.xmlgraphics/batik",
"pubdate": "2022-02-09",
"solution": "Upgrade to version 1.13 or above.",
"title": "Server-Side Request Forgery (SSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"https://github.com/apache/xmlgraphics-batik/commit/bc6078ca949039e2076cd08b4cb169c84c1179b1",
"https://issues.apache.org/jira/browse/BATIK-1276",
"https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E",
"https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://xmlgraphics.apache.org/security.html",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://github.com/advisories/GHSA-cmx4-p4v5-hmr5"
],
"uuid": "0bb63aab-127c-4ed4-8521-a1d487f84be4"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A950107-C093-47B9-81A8-0EB3BEF2671E",
"versionEndExcluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*",
"matchCriteriaId": "307AD099-8DCA-41D2-A2E8-B54C8963D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55B9382-6FFE-46DF-AD75-16FABFA37229",
"versionEndIncluding": "6.3.1",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1817C30-7B0B-441A-9567-B8DD7C6E646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6675A3-684B-4486-A451-C6688F1C821B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B321C982-EB68-4160-95DB-590CF8BB6727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464",
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47FCCD9-73F5-4BBC-9456-EED314AFC3C6",
"versionEndExcluding": "9.2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB4E4AF-DD15-470D-B437-5913BFFD97E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C02FB5-59A0-43BC-B3DA-2BB1A1BE5CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests."
},
{
"lang": "es",
"value": "Apache Batik es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobaci\u00f3n inapropiada de la entrada por parte de los atributos \"xlink:href\".\u0026#xa0;Al utilizar un argumento especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para causar que el servidor subyacente realice peticiones GET arbitrarias"
}
],
"id": "CVE-2019-17566",
"lastModified": "2024-01-07T11:15:09.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T18:15:12.567",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202401-11"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://xmlgraphics.apache.org/security.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2020:0851-1
Vulnerability from csaf_opensuse - Published: 2020-06-22 18:18 - Updated: 2020-06-22 18:18

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xmlgraphics-batik",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xmlgraphics-batik fixes the following issues:\n\n- CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests (bsc#1172961).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-851",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0851-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0851-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H26W7GQ5JCRMNMV6QRWEGLVRZVIXK3RB/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0851-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H26W7GQ5JCRMNMV6QRWEGLVRZVIXK3RB/"
},
{
"category": "self",
"summary": "SUSE Bug 1172961",
"url": "https://bugzilla.suse.com/1172961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17566 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17566/"
}
],
"title": "Security update for xmlgraphics-batik",
"tracking": {
"current_release_date": "2020-06-22T18:18:29Z",
"generator": {
"date": "2020-06-22T18:18:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0851-1",
"initial_release_date": "2020-06-22T18:18:29Z",
"revision_history": [
{
"date": "2020-06-22T18:18:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch",
"product_id": "xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17566"
}
],
"notes": [
{
"category": "general",
"text": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17566",
"url": "https://www.suse.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "SUSE Bug 1172961 for CVE-2019-17566",
"url": "https://bugzilla.suse.com/1172961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xmlgraphics-batik-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-demo-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-rasterizer-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-slideshow-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-squiggle-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-svgpp-1.9-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:xmlgraphics-batik-ttf2svg-1.9-lp151.6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-22T18:18:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-17566"
}
]
}
OPENSUSE-SU-2020:1043-1
Vulnerability from csaf_opensuse - Published: 2020-07-23 10:21 - Updated: 2020-07-23 10:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xmlgraphics-batik",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xmlgraphics-batik fixes the following issues:\n\n- CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests (bsc#1172961).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1043",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1043-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1043-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JIOZHMTGG4ETJEMBNIT3YKEQUXO3JNEJ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1043-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JIOZHMTGG4ETJEMBNIT3YKEQUXO3JNEJ/"
},
{
"category": "self",
"summary": "SUSE Bug 1172961",
"url": "https://bugzilla.suse.com/1172961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17566 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17566/"
}
],
"title": "Security update for xmlgraphics-batik",
"tracking": {
"current_release_date": "2020-07-23T10:21:43Z",
"generator": {
"date": "2020-07-23T10:21:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1043-1",
"initial_release_date": "2020-07-23T10:21:43Z",
"revision_history": [
{
"date": "2020-07-23T10:21:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch",
"product_id": "xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17566"
}
],
"notes": [
{
"category": "general",
"text": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the \"xlink:href\" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17566",
"url": "https://www.suse.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "SUSE Bug 1172961 for CVE-2019-17566",
"url": "https://bugzilla.suse.com/1172961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:xmlgraphics-batik-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-demo-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-rasterizer-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-slideshow-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-squiggle-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-svgpp-1.9-bp151.2.3.1.noarch",
"SUSE Package Hub 15 SP1:xmlgraphics-batik-ttf2svg-1.9-bp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-23T10:21:43Z",
"details": "moderate"
}
],
"title": "CVE-2019-17566"
}
]
}
OPENSUSE-SU-2024:11522-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xmlgraphics-batik-1.14-2.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xmlgraphics-batik-1.14-2.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11522-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17566 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17566/"
}
],
"title": "xmlgraphics-batik-1.14-2.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11522-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-css-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-css-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-css-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-demo-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-demo-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-javadoc-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-rasterizer-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-slideshow-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-squiggle-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-svgpp-1.14-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"product_id": "xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-css-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-css-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-css-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-demo-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-javadoc-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-slideshow-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-squiggle-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-svgpp-1.14-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"product_id": "xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-css-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-css-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-css-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-demo-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-demo-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-javadoc-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-rasterizer-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-slideshow-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-squiggle-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-svgpp-1.14-2.5.s390x"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"product_id": "xmlgraphics-batik-ttf2svg-1.14-2.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlgraphics-batik-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-css-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-css-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-css-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-demo-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-demo-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-demo-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-javadoc-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-rasterizer-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-slideshow-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-squiggle-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-svgpp-1.14-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64",
"product": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64",
"product_id": "xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-css-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-css-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-css-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-css-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-css-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-css-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-css-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-css-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-demo-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-demo-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-demo-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-demo-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-javadoc-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-rasterizer-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-slideshow-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-squiggle-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-svgpp-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.s390x"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64"
},
"product_reference": "xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17566"
}
],
"notes": [
{
"category": "general",
"text": "Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of the \"xlink:href\" attributes. By using a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17566",
"url": "https://www.suse.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "SUSE Bug 1172961 for CVE-2019-17566",
"url": "https://bugzilla.suse.com/1172961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update, use the SUSE-recommended installation methods such as YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-css-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-demo-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-javadoc-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-rasterizer-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-slideshow-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-squiggle-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-svgpp-1.14-2.5.x86_64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.aarch64",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.ppc64le",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.s390x",
"openSUSE Tumbleweed:xmlgraphics-batik-ttf2svg-1.14-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17566"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.