var-201805-1054
Vulnerability from variot
In Apache Batik 1.x before 1.10, when deserializing a subclass of AbstractDocument, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization. Apache Batik contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). Apache Batik is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Apache Batik 1.9.1 and prior versions are vulnerable.
Mitigation: Users should upgrade to Batik 1.10+
Credit: This issue was independently reported by Man Yue Mo.
References: http://xmlgraphics.apache.org/security.html
The Apache XML Graphics team.
Debian Security Advisory DSA-4215-1
security@debian.org, https://www.debian.org/security/
Sebastien Delafond, June 02, 2018
https://www.debian.org/security/faq
Package: batik
CVE ID: CVE-2017-5662 CVE-2018-8013
Debian Bug: 860566 899374
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1.
For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1.
We recommend that you upgrade your batik packages.
For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Ubuntu Security Notice USN-3661-1
May 29, 2018
batik vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Batik could be made to expose sensitive information if it received a specially crafted XML.
Software Description:
- batik: SVG Library
Details:
It was discovered that Batik incorrectly handled certain XML.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3
In general, a standard system update will make all the necessary changes.
References:
- https://usn.ubuntu.com/usn/usn-3661-1
- CVE-2018-8013
Package Information: https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3
Gentoo Linux Security Advisory GLSA 202401-11
https://security.gentoo.org/
Severity: Normal
Title: Apache Batik: Multiple Vulnerabilities
Date: January 07, 2024
Bugs: #724534, #872689, #918088
ID: 202401-11
Synopsis
Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.
Background
Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.
Affected packages
Package         Vulnerable  Unaffected
dev-java/batik  < 1.17      >= 1.17
Description
Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache Batik users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"
References
[ 1 ] CVE-2018-8013 https://nvd.nist.gov/vuln/detail/CVE-2018-8013
[ 2 ] CVE-2019-17566 https://nvd.nist.gov/vuln/detail/CVE-2019-17566
[ 3 ] CVE-2020-11987 https://nvd.nist.gov/vuln/detail/CVE-2020-11987
[ 4 ] CVE-2022-38398 https://nvd.nist.gov/vuln/detail/CVE-2022-38398
[ 5 ] CVE-2022-38648 https://nvd.nist.gov/vuln/detail/CVE-2022-38648
[ 6 ] CVE-2022-40146 https://nvd.nist.gov/vuln/detail/CVE-2022-40146
[ 7 ] CVE-2022-41704 https://nvd.nist.gov/vuln/detail/CVE-2022-41704
[ 8 ] CVE-2022-42890 https://nvd.nist.gov/vuln/detail/CVE-2022-42890
[ 9 ] CVE-2022-44729 https://nvd.nist.gov/vuln/detail/CVE-2022-44729
[ 10 ] CVE-2022-44730 https://nvd.nist.gov/vuln/detail/CVE-2022-44730
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202401-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
"trust": 0.01 }, "last_update_date": "2024-01-18T19:44:45.203000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA 1385-1] batik security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html" }, { "title": "DSA-4215", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4215" }, { "title": "[CVE-2018-8013] Apache Batik information disclosure vulnerability", "trust": 0.8, "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e" }, { "title": "Fixed in Batik 1.10", "trust": 0.8, "url": "https://xmlgraphics.apache.org/security.html" }, { "title": "USN-3661-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3661-1/" }, { "title": "Apache Batik Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83694" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/" }, { "title": "Ubuntu Security Notice: batik vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3661-1" }, { "title": "Debian Security Advisories: DSA-4215-1 batik -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a0946ecde487d7ab58af400b4adadb" }, { "title": "Debian CVElist Bug Report Logs: batik: CVE-2018-8013", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=014b8a6f2b61bfc1fe61f42bbe15b1b8" }, { "title": "Red Hat: CVE-2018-8013", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-8013" }, { "title": "Oracle: Oracle 
Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " }, { "title": "Nix Issue Database Example\nExample directory tree", "trust": 0.1, "url": "https://github.com/andir/nixos-issue-db-example " }, { "title": "veracode-container-security-finding-parser", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-8013" }, { "db": "JVNDB", "id": "JVNDB-2018-005347" }, { "db": "CNNVD", "id": "CNNVD-201805-816" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-138045" }, { "db": "JVNDB", "id": "JVNDB-2018-005347" }, { "db": "NVD", "id": "CVE-2018-8013" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/104252" }, { "trust": 2.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 2.4, "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.2, "url": "https://xmlgraphics.apache.org/security.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/3661-1/" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4215" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1040995" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202401-11" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8013" }, { "trust": 1.1, "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3ccommits.xmlgraphics.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3ccommits.xmlgraphics.apache.org%3e" }, { "trust": 0.9, "url": "http://www.apache.org/" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581725" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2018-8013" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8013" }, { "trust": 0.7, "url": 
"https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19@%3ccommits.xmlgraphics.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44@%3ccommits.xmlgraphics.apache.org%3e" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-batik-affect-tivoli-netcool-omnibus-webgui-cve-2017-5662-cve-2018-8013-cve-2015-0250-cve-2019-17566/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-older-version-of-common-open-source-batik-dom-1-9-1-jar-found-in-the-maximoforgeviewerplugin-which-is-shipped-with-ibm-maximo-for-civil-infrastructure/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-an-older-version-of-a-batik-plugin-that-is-included-in-ibm-installation-manager-and-ibm-packaging-utility/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57978" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5662" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/batik" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.3" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3661-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42890" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987" }, { "trust": 
0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38398" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38648" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "VULHUB", "id": "VHN-138045" }, { "db": "VULMON", "id": "CVE-2018-8013" }, { "db": "BID", "id": "104252" }, { "db": "JVNDB", "id": "JVNDB-2018-005347" }, { "db": "PACKETSTORM", "id": "147850" }, { "db": "PACKETSTORM", "id": "148025" }, { "db": "PACKETSTORM", "id": "147929" }, { "db": "PACKETSTORM", "id": "176409" }, { "db": "CNNVD", "id": "CNNVD-201805-816" }, { "db": "NVD", "id": "CVE-2018-8013" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-138045" }, { "db": "VULMON", "id": "CVE-2018-8013" }, { "db": "BID", "id": "104252" }, { "db": "JVNDB", "id": "JVNDB-2018-005347" }, { "db": "PACKETSTORM", "id": "147850" }, { "db": "PACKETSTORM", "id": "148025" }, { "db": "PACKETSTORM", "id": "147929" }, { "db": "PACKETSTORM", "id": "176409" }, { "db": "CNNVD", "id": "CNNVD-201805-816" }, { "db": "NVD", "id": "CVE-2018-8013" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-24T00:00:00", "db": "VULHUB", "id": "VHN-138045" }, { "date": "2018-05-24T00:00:00", "db": "VULMON", "id": "CVE-2018-8013" }, { "date": "2018-05-23T00:00:00", "db": "BID", "id": "104252" }, { "date": "2018-07-12T00:00:00", "db": 
"JVNDB", "id": "JVNDB-2018-005347" }, { "date": "2018-05-24T17:53:06", "db": "PACKETSTORM", "id": "147850" }, { "date": "2018-06-02T03:05:00", "db": "PACKETSTORM", "id": "148025" }, { "date": "2018-05-29T22:22:00", "db": "PACKETSTORM", "id": "147929" }, { "date": "2024-01-08T15:04:00", "db": "PACKETSTORM", "id": "176409" }, { "date": "2018-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-816" }, { "date": "2018-05-24T16:29:00.380000", "db": "NVD", "id": "CVE-2018-8013" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-20T00:00:00", "db": "VULHUB", "id": "VHN-138045" }, { "date": "2024-01-07T00:00:00", "db": "VULMON", "id": "CVE-2018-8013" }, { "date": "2019-07-17T08:00:00", "db": "BID", "id": "104252" }, { "date": "2018-07-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005347" }, { "date": "2020-12-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-816" }, { "date": "2024-01-07T11:15:09.053000", "db": "NVD", "id": "CVE-2018-8013" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-816" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Batik Vulnerable to unreliable data deserialization", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005347" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-816" } ], "trust": 0.6 } }