CVE-2018-8013

Vulnerability from cvelistv5

Published

2018-05-24 16:00

Modified

2024-09-16 23:16

Severity

Summary

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

References

Source	URL	Tags
security@apache.org	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch, Third Party Advisory
security@apache.org	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/104252	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1040995	Third Party Advisory, VDB Entry
security@apache.org	https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E
security@apache.org	https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html	Mailing List, Third Party Advisory
security@apache.org	https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e
security@apache.org	https://security.gentoo.org/glsa/202401-11
security@apache.org	https://usn.ubuntu.com/3661-1/	Third Party Advisory
security@apache.org	https://www.debian.org/security/2018/dsa-4215	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html
security@apache.org	https://www.oracle.com/security-alerts/cpuoct2020.html
security@apache.org	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
security@apache.org	https://xmlgraphics.apache.org/security.html	Third Party Advisory

Impacted products

Vendor	Product
Apache Software Foundation	Apache Batik

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104252",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104252"
          },
          {
            "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
          },
          {
            "name": "DSA-4215",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "name": "USN-3661-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3661-1/"
          },
          {
            "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
          },
          {
            "name": "1040995",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040995"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878851 - /xmlgraphics/site/trunk/content/security.mdtext",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878850 - /xmlgraphics/site/trunk/content/security.mdtext",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xmlgraphics.apache.org/security.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "GLSA-202401-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Batik",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 - 1.9.1"
            }
          ]
        }
      ],
      "datePublic": "2018-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T11:06:17.409115",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "104252",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/104252"
        },
        {
          "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
        },
        {
          "name": "DSA-4215",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4215"
        },
        {
          "name": "USN-3661-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3661-1/"
        },
        {
          "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
        },
        {
          "name": "1040995",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1040995"
        },
        {
          "name": "[xmlgraphics-commits] 20200615 svn commit: r1878851 - /xmlgraphics/site/trunk/content/security.mdtext",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
        },
        {
          "name": "[xmlgraphics-commits] 20200615 svn commit: r1878850 - /xmlgraphics/site/trunk/content/security.mdtext",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://xmlgraphics.apache.org/security.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "GLSA-202401-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8013",
    "datePublished": "2018-05-24T16:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T23:16:36.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8013\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-05-24T16:29:00.380\",\"lastModified\":\"2024-01-07T11:15:09.053\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.\"},{\"lang\":\"es\",\"value\":\"En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de \\\"AbstractDocument\\\", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg de la clase. La soluci\u00f3n fue comprobar el tipo de clase antes de llamar a newInstance durante la deserializaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"2CABC1E2-FFB0-483A-9440-A249434A43D3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:11.1.1.7.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D18D8F82-D325-402B-BF46-3C5C27C95091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"523CD57C-43D4-4C79-BA00-A9A65C6588E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"77C3DD16-1D81-40E1-B312-50FBD275507C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"81DAC8C0-D342-44B5-9432-6B88D389584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0912F464-5F38-4BBB-9E68-65CE34306E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2\",\"matchCriteriaId\":\"77120A3C-9A48-45FC-A620-5072AF325ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E13DD9-F456-4802-84AD-A2A1F12FE999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.3.0.0\",\"versionEndIncluding\":\"7.3.3.0.2\",\"matchCriteriaId\":\"6E3469D7-69E4-4242-B45A-C0CD9E691C4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0.0\",\"versionEndIncluding\":\"8.0.7.1.0\",\"matchCriteriaId\":\"011267E2-A8C7-4FB7-B96A-BCCFCDA7E903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D151B58F-5583-4F19-B225-80075B45441B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7D665C9-408A-4039-A2D4-9EE565BC4656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79B50C2-27C2-4A9C-ACEE-B70015283F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC3BC82E-4780-4D10-B424-6CD9EFD0F2C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12047B25-F234-4562-9943-63E47EF32684\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56745BD2-4BAE-407F-A926-396614CED669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8341F73-256B-4FB8-B02D-CCCDACC63662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBC0EBF9-AA2F-481A-AA40-D26DA31707A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A8B4FBF-94C5-449C-8D66-636C894B43DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA4DF85-9225-4422-BF10-D7DAE7DCE007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C2A2A4-285B-40A1-B9AD-42219D742DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4B26A00-9891-4524-9F85-AC5C91E58C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237968A4-AE89-44DC-8BA3-D9651F88883D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104252\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040995\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202401-11\",\"source\":\"security@apache.org\"},{\"url\":\"https://usn.ubuntu.com/3661-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4215\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://xmlgraphics.apache.org/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2018-8013

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-8013

Aliases

CVE-2018-8013

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8013",
    "description": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.",
    "id": "GSD-2018-8013",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-8013.html",
      "https://www.debian.org/security/2018/dsa-4215",
      "https://ubuntu.com/security/CVE-2018-8013"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8013"
      ],
      "details": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.",
      "id": "GSD-2018-8013",
      "modified": "2023-12-13T01:22:34.731417Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-05-23T00:00:00",
        "ID": "CVE-2018-8013",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Batik",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.0 - 1.9.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104252",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104252"
          },
          {
            "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
          },
          {
            "name": "DSA-4215",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "name": "USN-3661-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3661-1/"
          },
          {
            "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
            "refsource": "MLIST",
            "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
          },
          {
            "name": "1040995",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040995"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878851 - /xmlgraphics/site/trunk/content/security.mdtext",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878850 - /xmlgraphics/site/trunk/content/security.mdtext",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://xmlgraphics.apache.org/security.html",
            "refsource": "CONFIRM",
            "url": "https://xmlgraphics.apache.org/security.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "GLSA-202401-11",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202401-11"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.0,1.9.1]",
          "affected_versions": "All versions starting from 1.0 up to 1.9.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2022-06-29",
          "description": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.",
          "fixed_versions": [
            "1.10"
          ],
          "identifier": "CVE-2018-8013",
          "identifiers": [
            "GHSA-25gw-4pcc-45cf",
            "CVE-2018-8013"
          ],
          "not_impacted": "All versions before 1.0, all versions after 1.9.1",
          "package_slug": "maven/org.apache.xmlgraphics/batik-dom",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 1.10 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8013",
            "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3Ccommits.xmlgraphics.apache.org%3E",
            "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3Ccommits.xmlgraphics.apache.org%3E",
            "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html",
            "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e",
            "https://usn.ubuntu.com/3661-1/",
            "https://www.debian.org/security/2018/dsa-4215",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "https://xmlgraphics.apache.org/security.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "http://www.securityfocus.com/bid/104252",
            "http://www.securitytracker.com/id/1040995",
            "https://github.com/advisories/GHSA-25gw-4pcc-45cf"
          ],
          "uuid": "fdcc3dbc-577d-453a-b762-0e724a4b9f24"
        },
        {
          "affected_range": "(,0)",
          "affected_versions": "All versions starting from 1.0 up to 1.9.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2023-06-14",
          "description": "This advisory has been moved to `batik-dom`.",
          "fixed_versions": [
            "1.10"
          ],
          "identifier": "CVE-2018-8013",
          "identifiers": [
            "GHSA-25gw-4pcc-45cf",
            "CVE-2018-8013"
          ],
          "not_impacted": "All versions before 1.0, all versions after 1.9.1",
          "package_slug": "maven/org.apache.xmlgraphics/batik",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 1.10 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8013",
            "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3Ccommits.xmlgraphics.apache.org%3E",
            "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3Ccommits.xmlgraphics.apache.org%3E",
            "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html",
            "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e",
            "https://usn.ubuntu.com/3661-1/",
            "https://www.debian.org/security/2018/dsa-4215",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "https://xmlgraphics.apache.org/security.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "http://www.securityfocus.com/bid/104252",
            "http://www.securitytracker.com/id/1040995",
            "https://github.com/advisories/GHSA-25gw-4pcc-45cf"
          ],
          "uuid": "b33fa444-5046-47e0-a678-fa1fbcd1540f"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2CABC1E2-FFB0-483A-9440-A249434A43D3",
                    "versionEndExcluding": "1.10",
                    "versionStartIncluding": "1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.7.0:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "D18D8F82-D325-402B-BF46-3C5C27C95091",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
                    "versionEndExcluding": "8.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
                    "versionEndExcluding": "7.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6E3469D7-69E4-4242-B45A-C0CD9E691C4A",
                    "versionEndIncluding": "7.3.3.0.2",
                    "versionStartIncluding": "7.3.3.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "011267E2-A8C7-4FB7-B96A-BCCFCDA7E903",
                    "versionEndIncluding": "8.0.7.1.0",
                    "versionStartIncluding": "8.0.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D151B58F-5583-4F19-B225-80075B45441B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C7D665C9-408A-4039-A2D4-9EE565BC4656",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC3BC82E-4780-4D10-B424-6CD9EFD0F2C4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "12047B25-F234-4562-9943-63E47EF32684",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:13.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "56745BD2-4BAE-407F-A926-396614CED669",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:13.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A8341F73-256B-4FB8-B02D-CCCDACC63662",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:14:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BBC0EBF9-AA2F-481A-AA40-D26DA31707A3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_integration_bus:17.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8A8B4FBF-94C5-449C-8D66-636C894B43DB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_point-of-service:13.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B4B26A00-9891-4524-9F85-AC5C91E58C26",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
          },
          {
            "lang": "es",
            "value": "En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de \"AbstractDocument\", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg de la clase. La soluci\u00f3n fue comprobar el tipo de clase antes de llamar a newInstance durante la deserializaci\u00f3n."
          }
        ],
        "id": "CVE-2018-8013",
        "lastModified": "2024-01-07T11:15:09.053",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV30": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2018-05-24T16:29:00.380",
        "references": [
          {
            "source": "security@apache.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/104252"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/id/1040995"
          },
          {
            "source": "security@apache.org",
            "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "source": "security@apache.org",
            "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
          },
          {
            "source": "security@apache.org",
            "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
          },
          {
            "source": "security@apache.org",
            "url": "https://security.gentoo.org/glsa/202401-11"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://usn.ubuntu.com/3661-1/"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "source": "security@apache.org",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "source": "security@apache.org",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "source": "security@apache.org",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "source": "security@apache.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://xmlgraphics.apache.org/security.html"
          }
        ],
        "sourceIdentifier": "security@apache.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-502"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-25gw-4pcc-45cf

Vulnerability from github

Published

2022-05-13 01:14

Modified

2024-03-04 23:13

Severity

9.8 (Critical) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Deserialization of Untrusted Data in Apache Batik

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.9.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.xmlgraphics:batik"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T18:57:27Z",
    "nvd_published_at": "2018-05-24T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.",
  "id": "GHSA-25gw-4pcc-45cf",
  "modified": "2024-03-04T23:13:20Z",
  "published": "2022-05-13T01:14:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/xmlgraphics-batik/commit/f91125b26a6ca2b7a1195f1842360bed03629839"
    },
    {
      "type": "WEB",
      "url": "https://xmlgraphics.apache.org/security.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4215"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3661-1"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/security/CVE-2018-8013"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-11"
    },
    {
      "type": "WEB",
      "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
    },
    {
      "type": "WEB",
      "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/BATIK-1222"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104252"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040995"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deserialization of Untrusted Data in Apache Batik"
}

wid-sec-w-2023-0027

Vulnerability from csaf_certbund

Published

2023-01-04 23:00

Modified

2023-02-23 23:00

Summary

IBM Tivoli Network Manager: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und nicht spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme

- Linux - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0027 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0027.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0027 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0027"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6958056 vom 2023-02-24",
        "url": "https://www.ibm.com/support/pages/node/6958056"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-01-04",
        "url": "https://www.ibm.com/support/pages/node/6852633"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-01-04",
        "url": "https://www.ibm.com/support/pages/node/6852613"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-01-04",
        "url": "https://www.ibm.com/support/pages/node/6852611"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-01-04",
        "url": "https://www.ibm.com/support/pages/node/6852609"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-23T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:08:37.524+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0027",
      "initial_release_date": "2023-01-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager \u003c= 4.2.0.15",
                "product": {
                  "name": "IBM Tivoli Network Manager \u003c= 4.2.0.15",
                  "product_id": "T024051",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager 4.2.0",
                "product": {
                  "name": "IBM Tivoli Network Manager 4.2.0",
                  "product_id": "T025751",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Network Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-2048",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2022-2048"
    },
    {
      "cve": "CVE-2022-2047",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2022-2047"
    },
    {
      "cve": "CVE-2021-41033",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2021-41033"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-11987",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2020-11987"
    },
    {
      "cve": "CVE-2019-17566",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2019-17566"
    },
    {
      "cve": "CVE-2018-8013",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2018-8013"
    },
    {
      "cve": "CVE-2017-5662",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2017-5662"
    },
    {
      "cve": "CVE-2016-3506",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2016-3506"
    },
    {
      "cve": "CVE-2015-0250",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2015-0250"
    },
    {
      "cve": "CVE-2009-4521",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2009-4521"
    },
    {
      "cve": "CVE-2009-4269",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2009-4269"
    },
    {
      "cve": "CVE-2007-2378",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025751"
        ],
        "last_affected": [
          "T024051"
        ]
      },
      "release_date": "2023-01-04T23:00:00Z",
      "title": "CVE-2007-2378"
    }
  ]
}

var-201805-1054

Vulnerability from variot

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. Apache Batik Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable.

Mitigation: Users should upgrade to Batik 1.10+

Credit: This issue was independently reported by Man Yue Mo.

References: http://xmlgraphics.apache.org/security.html

The Apache XML Graphics team. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4215-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq

Package : batik CVE ID : CVE-2017-5662 CVE-2018-8013 Debian Bug : 860566 899374

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1.

We recommend that you upgrade your batik packages.

For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlsSUFsACgkQEL6Jg/PV nWQKAQgAtoVouiI8CAu0mMH4CxzV9Gn+PheDY9BIdjfARj60IPGFt1JgwJGwdhuS ANRAYaYhwEl+ZJSi5QUunT+tmwjINkWVQ1OoQIULR+/51bbkPQsND8nj2rVsO8z4 BQFJqUVdpbF04nDAP2lxyLMevrS5v9bQTXZfchIQOYhu08+L4HHilnMzRKpeaFNo jHBfpOhT4puftGQDtPW3+Czrree7yjkyElryVXiaNupH1PYuBs7GH3cGIct4NNv/ 7cykB7tf0j7cL+82YOCe5PhWQJfF52uj4Uck92v+muV6G6H7/vNj8irfC+iW7sP1 s58xKHi+VG3tU66xb44dK4MteCk9SA== =n3ZC -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3661-1 May 29, 2018

batik vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS

Summary:

Batik could be made to expose sensitive information if it received a specially crafted XML.

Software Description: - batik: SVG Library

Details:

It was discovered that Batik incorrectly handled certain XML.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/usn/usn-3661-1 CVE-2018-8013

Package Information: https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202401-11

                                       https://security.gentoo.org/

Severity: Normal Title: Apache Batik: Multiple Vulnerabilities Date: January 07, 2024 Bugs: #724534, #872689, #918088 ID: 202401-11

Synopsis

Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.

Background

Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

Affected packages

Package Vulnerable Unaffected

dev-java/batik < 1.17 >= 1.17

Description

Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache Batik users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References

[ 1 ] CVE-2018-8013 https://nvd.nist.gov/vuln/detail/CVE-2018-8013 [ 2 ] CVE-2019-17566 https://nvd.nist.gov/vuln/detail/CVE-2019-17566 [ 3 ] CVE-2020-11987 https://nvd.nist.gov/vuln/detail/CVE-2020-11987 [ 4 ] CVE-2022-38398 https://nvd.nist.gov/vuln/detail/CVE-2022-38398 [ 5 ] CVE-2022-38648 https://nvd.nist.gov/vuln/detail/CVE-2022-38648 [ 6 ] CVE-2022-40146 https://nvd.nist.gov/vuln/detail/CVE-2022-40146 [ 7 ] CVE-2022-41704 https://nvd.nist.gov/vuln/detail/CVE-2022-41704 [ 8 ] CVE-2022-42890 https://nvd.nist.gov/vuln/detail/CVE-2022-42890 [ 9 ] CVE-2022-44729 https://nvd.nist.gov/vuln/detail/CVE-2022-44729 [ 10 ] CVE-2022-44730 https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-11

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.1.1"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "17.3"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "17.2"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "17.1"
      },
      {
        "model": "enterprise repository",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "enterprise repository",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.3.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.7.1.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "fusion middleware mapviewer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.3.0.0"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "batik",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0.0"
      },
      {
        "model": "batik",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fusion middleware mapviewer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.2"
      },
      {
        "model": "communications metasolv solution",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.3.0"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "1.7"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "1.5"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "1.1.1"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "1.1"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "1.0"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.10"
      },
      {
        "model": "batik",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.x"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "micros relate crm software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.4"
      },
      {
        "model": "fmw platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "fmw platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications metasolv solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0.2"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.8"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.7.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.9.1"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.9"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.8"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.6"
      },
      {
        "model": "batik",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.5.1"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "batik",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.10",
                "versionStartIncluding": "1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.7.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:13.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:13.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:13.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.3.0.2",
                "versionStartIncluding": "7.3.3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.7.1.0",
                "versionStartIncluding": "8.0.0.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Man Yue Mo",
    "sources": [
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2018-8013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-8013",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-138045",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-8013",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-8013",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-816",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-138045",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-8013",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. Apache Batik Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache Batik is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive  information; this may lead to further attacks. \nApache Batik 1.9.1 and prior versions are vulnerable. \n\nMitigation:\n        Users should upgrade to Batik 1.10+\n\nCredit:\n        This issue was independently reported by Man Yue Mo. \n\nReferences:\n        http://xmlgraphics.apache.org/security.html\n\nThe Apache XML Graphics team. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4215-1                   security@debian.org\nhttps://www.debian.org/security/                       Sebastien Delafond\nJune 02, 2018                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : batik\nCVE ID         : CVE-2017-5662 CVE-2018-8013\nDebian Bug     : 860566 899374\n\nMan Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a\ntoolkit for processing SVG images, did not properly validate its\ninput. This would allow an attacker to cause a denial-of-service,\nmount cross-site scripting attacks, or access restricted files on the\nserver. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.7+dfsg-5+deb8u1. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.8-4+deb9u1. \n\nWe recommend that you upgrade your batik packages. \n\nFor the detailed security status of batik please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/batik\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlsSUFsACgkQEL6Jg/PV\nnWQKAQgAtoVouiI8CAu0mMH4CxzV9Gn+PheDY9BIdjfARj60IPGFt1JgwJGwdhuS\nANRAYaYhwEl+ZJSi5QUunT+tmwjINkWVQ1OoQIULR+/51bbkPQsND8nj2rVsO8z4\nBQFJqUVdpbF04nDAP2lxyLMevrS5v9bQTXZfchIQOYhu08+L4HHilnMzRKpeaFNo\njHBfpOhT4puftGQDtPW3+Czrree7yjkyElryVXiaNupH1PYuBs7GH3cGIct4NNv/\n7cykB7tf0j7cL+82YOCe5PhWQJfF52uj4Uck92v+muV6G6H7/vNj8irfC+iW7sP1\ns58xKHi+VG3tU66xb44dK4MteCk9SA==\n=n3ZC\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3661-1\nMay 29, 2018\n\nbatik vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nBatik could be made to expose sensitive information if it received\na specially crafted XML. \n\nSoftware Description:\n- batik: SVG Library\n\nDetails:\n\nIt was discovered that Batik incorrectly handled certain XML. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libbatik-java                   1.7.ubuntu-8ubuntu2.14.04.3\n\nIn general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3661-1\n  CVE-2018-8013\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202401-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Apache Batik: Multiple Vulnerabilities\n     Date: January 07, 2024\n     Bugs: #724534, #872689, #918088\n       ID: 202401-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Batik, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n==========\n\nApache Batik is a Java-based toolkit for applications or applets that\nwant to use images in the Scalable Vector Graphics (SVG) format for\nvarious purposes, such as display, generation or manipulation. \n\nAffected packages\n=================\n\nPackage         Vulnerable    Unaffected\n--------------  ------------  ------------\ndev-java/batik  \u003c 1.17        \u003e= 1.17\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Batik. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Batik users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-java/batik-1.17\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-8013\n      https://nvd.nist.gov/vuln/detail/CVE-2018-8013\n[ 2 ] CVE-2019-17566\n      https://nvd.nist.gov/vuln/detail/CVE-2019-17566\n[ 3 ] CVE-2020-11987\n      https://nvd.nist.gov/vuln/detail/CVE-2020-11987\n[ 4 ] CVE-2022-38398\n      https://nvd.nist.gov/vuln/detail/CVE-2022-38398\n[ 5 ] CVE-2022-38648\n      https://nvd.nist.gov/vuln/detail/CVE-2022-38648\n[ 6 ] CVE-2022-40146\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40146\n[ 7 ] CVE-2022-41704\n      https://nvd.nist.gov/vuln/detail/CVE-2022-41704\n[ 8 ] CVE-2022-42890\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42890\n[ 9 ] CVE-2022-44729\n      https://nvd.nist.gov/vuln/detail/CVE-2022-44729\n[ 10 ] CVE-2022-44730\n      https://nvd.nist.gov/vuln/detail/CVE-2022-44730\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202401-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "db": "PACKETSTORM",
        "id": "148025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147929"
      },
      {
        "db": "PACKETSTORM",
        "id": "176409"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8013",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104252",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1040995",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "147850",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "147929",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-138045",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148025",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176409",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "db": "PACKETSTORM",
        "id": "148025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147929"
      },
      {
        "db": "PACKETSTORM",
        "id": "176409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "id": "VAR-201805-1054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-01-18T19:44:45.203000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1385-1] batik security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
      },
      {
        "title": "DSA-4215",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2018/dsa-4215"
      },
      {
        "title": "[CVE-2018-8013] Apache Batik information disclosure vulnerability",
        "trust": 0.8,
        "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
      },
      {
        "title": "Fixed in Batik 1.10",
        "trust": 0.8,
        "url": "https://xmlgraphics.apache.org/security.html"
      },
      {
        "title": "USN-3661-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3661-1/"
      },
      {
        "title": "Apache Batik Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83694"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/"
      },
      {
        "title": "Ubuntu Security Notice: batik vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3661-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4215-1 batik -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a0946ecde487d7ab58af400b4adadb"
      },
      {
        "title": "Debian CVElist Bug Report Logs: batik: CVE-2018-8013",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=014b8a6f2b61bfc1fe61f42bbe15b1b8"
      },
      {
        "title": "Red Hat: CVE-2018-8013",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-8013"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Java-Deserialization-CVEs",
        "trust": 0.1,
        "url": "https://github.com/palindromelabs/java-deserialization-cves "
      },
      {
        "title": "Nix Issue Database Example\nExample directory tree",
        "trust": 0.1,
        "url": "https://github.com/andir/nixos-issue-db-example "
      },
      {
        "title": "veracode-container-security-finding-parser",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/104252"
      },
      {
        "trust": 2.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.2,
        "url": "https://xmlgraphics.apache.org/security.html"
      },
      {
        "trust": 2.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 2.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 2.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3661-1/"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2018/dsa-4215"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1040995"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202401-11"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8013"
      },
      {
        "trust": 1.1,
        "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3ccommits.xmlgraphics.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3ccommits.xmlgraphics.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "http://www.apache.org/"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581725"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2018-8013"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8013"
      },
      {
        "trust": 0.7,
        "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3ccommits.xmlgraphics.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3ccommits.xmlgraphics.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-batik-affect-tivoli-netcool-omnibus-webgui-cve-2017-5662-cve-2018-8013-cve-2015-0250-cve-2019-17566/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-older-version-of-common-open-source-batik-dom-1-9-1-jar-found-in-the-maximoforgeviewerplugin-which-is-shipped-with-ibm-maximo-for-civil-infrastructure/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-an-older-version-of-a-batik-plugin-that-is-included-in-ibm-installation-manager-and-ibm-packaging-utility/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5662"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/batik"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3661-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38398"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38648"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "db": "PACKETSTORM",
        "id": "148025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147929"
      },
      {
        "db": "PACKETSTORM",
        "id": "176409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "db": "BID",
        "id": "104252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "db": "PACKETSTORM",
        "id": "148025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147929"
      },
      {
        "db": "PACKETSTORM",
        "id": "176409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "date": "2018-05-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "BID",
        "id": "104252"
      },
      {
        "date": "2018-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "date": "2018-05-24T17:53:06",
        "db": "PACKETSTORM",
        "id": "147850"
      },
      {
        "date": "2018-06-02T03:05:00",
        "db": "PACKETSTORM",
        "id": "148025"
      },
      {
        "date": "2018-05-29T22:22:00",
        "db": "PACKETSTORM",
        "id": "147929"
      },
      {
        "date": "2024-01-08T15:04:00",
        "db": "PACKETSTORM",
        "id": "176409"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "date": "2018-05-24T16:29:00.380000",
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138045"
      },
      {
        "date": "2024-01-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8013"
      },
      {
        "date": "2019-07-17T08:00:00",
        "db": "BID",
        "id": "104252"
      },
      {
        "date": "2018-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      },
      {
        "date": "2020-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      },
      {
        "date": "2024-01-07T11:15:09.053000",
        "db": "NVD",
        "id": "CVE-2018-8013"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Batik Vulnerable to unreliable data deserialization",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005347"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-816"
      }
    ],
    "trust": 0.6
  }
}

Action not permitted

CVE-2018-8013

Vulnerability from cvelistv5

gsd-2018-8013

Vulnerability from gsd

ghsa-25gw-4pcc-45cf

Vulnerability from github

wid-sec-w-2023-0027

Vulnerability from csaf_certbund

var-201805-1054

Vulnerability from variot

batik vulnerability

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags