ID

VAR-202011-1478


CVE

CVE-2019-17566


TITLE

Apache Batik Server-side Request Forgery Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-016095

DESCRIPTION

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

4. Bugs fixed (https://bugzilla.redhat.com/):

1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
1801149 - CVE-2019-13990 libquartz: XXE attacks via job description
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability
1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution
1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could lead to remote code execution
1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could lead to remote code execution
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers
1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs
1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components
1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS
1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass
1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library

5.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Red Hat Decision Manager 7.9.0 security update
Advisory ID:   RHSA-2020:4960-01
Product:       Red Hat Decision Manager
Advisory URL:  https://access.redhat.com/errata/RHSA-2020:4960
Issue date:    2020-11-05
CVE Names:     CVE-2019-14900 CVE-2019-17566 CVE-2020-1748 CVE-2020-1945
               CVE-2020-1954 CVE-2020-2875 CVE-2020-2933 CVE-2020-2934
               CVE-2020-10683 CVE-2020-10693 CVE-2020-10714
=====================================================================

1. Summary:

An update is now available for Red Hat Decision Manager.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

5. References:

https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2019-17566
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1945
https://access.redhat.com/security/cve/CVE-2020-1954
https://access.redhat.com/security/cve/CVE-2020-2875
https://access.redhat.com/security/cve/CVE-2020-2933
https://access.redhat.com/security/cve/CVE-2020-2934
https://access.redhat.com/security/cve/CVE-2020-10683
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhdm&version=7.9.0
https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6RI8tzjgjWX9erEAQgb8g//bOAn52SE3WqFyv9Xew8jkqzxj0eO6uEf
K4knKv2sOff6Kp9+PW7nBTU6+5c+ejBXEpT4BGUwlOKF6b77l0Rt/p4mfaN1ZzqA
95IjiTQ1szog0CPhTCpFqAabeenKr1fLMz8Y9+CEM4EIC8NJoKP4KdNx8m96OtjA
2gPFHGV7kSe9TZErvsicTmnBWiTfq9Nh8OUvg5hOLJ1p+O3nK6UA2kBSrs18vjyA
9QhT6D+v/ptddiRrNFq4OjgRw68BllFZpidSQD+SDZ3fEJqK5A/cVFzUBQYLVk4h
azVywCt49CtT9wLxGFDeL13d24KziAoWDWVuC5kz/ERfdOzPKl+cEP8x5K1PBZgi
uLp4le4n/GczjJiLVouHKsUaWQFBAQcJlOiAI6t/4j9ht1NaRd4cQEC5+ANzkjGr
qm1nAub3cUszL3rdb1YVt+uJ1uWCIz6EmrfNeglWAfVLBqOeS6Ng0AtBbVQTj5qK
4J2ZujOjegc3eH3SYz2/ilc4cClpMigR6v83pAUDG/k7nMKp4b6KnDLi2YIzq4Fk
nrq3scZ03u0L+4a2WOUaKtoBcRJGr8sM1w45dWPtTiEEzA1U95UT0f+zidlexQSR
6V93caKvx3mrmEUh+dly/N6IL0EHGU/YRRXhouKjd6Zx+psgcDgg7pGu3YLWtIo7
6ENlCG73lC4=
=cbJe
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

=========================================================================
Ubuntu Security Notice USN-6117-1
May 30, 2023

batik vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Apache Batik.

An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from an SVG. (CVE-2022-41704, CVE-2022-42890)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  libbatik-java  1.14-2ubuntu0.1

Ubuntu 22.04 LTS:
  libbatik-java  1.14-1ubuntu0.2

Ubuntu 20.04 LTS:
  libbatik-java  1.12-1ubuntu0.1

Ubuntu 18.04 LTS:
  libbatik-java  1.10-2~18.04.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libbatik-java  1.8-3ubuntu1+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libbatik-java  1.7.ubuntu-8ubuntu2.14.04.3+esm1

In general, a standard system update will make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202401-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Apache Batik: Multiple Vulnerabilities
     Date: January 07, 2024
     Bugs: #724534, #872689, #918088
       ID: 202401-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.

Background
==========

Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
dev-java/batik  < 1.17        >= 1.17

Description
===========

Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Batik users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References
==========

[ 1 ] CVE-2018-8013
      https://nvd.nist.gov/vuln/detail/CVE-2018-8013
[ 2 ] CVE-2019-17566
      https://nvd.nist.gov/vuln/detail/CVE-2019-17566
[ 3 ] CVE-2020-11987
      https://nvd.nist.gov/vuln/detail/CVE-2020-11987
[ 4 ] CVE-2022-38398
      https://nvd.nist.gov/vuln/detail/CVE-2022-38398
[ 5 ] CVE-2022-38648
      https://nvd.nist.gov/vuln/detail/CVE-2022-38648
[ 6 ] CVE-2022-40146
      https://nvd.nist.gov/vuln/detail/CVE-2022-40146
[ 7 ] CVE-2022-41704
      https://nvd.nist.gov/vuln/detail/CVE-2022-41704
[ 8 ] CVE-2022-42890
      https://nvd.nist.gov/vuln/detail/CVE-2022-42890
[ 9 ] CVE-2022-44729
      https://nvd.nist.gov/vuln/detail/CVE-2022-44729
[ 10 ] CVE-2022-44730
      https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202401-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.79

sources: NVD: CVE-2019-17566 // JVNDB: JVNDB-2019-016095 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-149825 // VULMON: CVE-2019-17566 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159921 // PACKETSTORM: 172659 // PACKETSTORM: 176409

AFFECTED PRODUCTS

vendor | model                                                     | scope | version    | Trust
-------|-----------------------------------------------------------|-------|------------|------
oracle | communications metasolv solution                          | gte   | 6.3.0      | 1.0
oracle | business intelligence                                     | eq    | 5.9.0.0.0  | 1.0
oracle | retail order management system cloud service              | eq    | 19.5       | 1.0
oracle | communications offline mediation controller               | eq    | 12.0.0.3.0 | 1.0
apache | batik                                                     | lt    | 1.13       | 1.0
oracle | communications metasolv solution                          | lte   | 6.3.1      | 1.0
oracle | retail integration bus                                    | eq    | 15.0.3     | 1.0
oracle | financial services analytical applications infrastructure | gte   | 8.0.6      | 1.0
oracle | retail returns management                                 | eq    | 14.1       | 1.0
oracle | fusion middleware mapviewer                               | eq    | 12.2.1.4.0 | 1.0
oracle | business intelligence                                     | eq    | 12.2.1.4.0 | 1.0
oracle | enterprise repository                                     | eq    | 11.1.1.7.0 | 1.0
oracle | financial services analytical applications infrastructure | lte   | 8.1.0      | 1.0
oracle | retail order broker                                       | eq    | 16.0       | 1.0
oracle | hyperion financial reporting                              | eq    | 11.1.2.4   | 1.0
oracle | business intelligence                                     | eq    | 12.2.1.3.0 | 1.0
oracle | jd edwards enterpriseone tools                            | eq    | 9.2.4.2    | 1.0
oracle | communications application session controller            | eq    | 3.9m0p2    | 1.0
oracle | retail order broker                                       | eq    | 15.0       | 1.0
oracle | business intelligence                                     | eq    | 5.5.0.0.0  | 1.0
oracle | hyperion financial reporting                              | eq    | 11.2.5.0   | 1.0
oracle | retail point-of-service                                   | eq    | 14.1       | 1.0
oracle | api gateway                                               | eq    | 11.1.2.4.0 | 1.0
oracle | hospitality opera 5                                       | eq    | 5.5        | 1.0
oracle | hospitality opera 5                                       | eq    | 5.6        | 1.0
oracle | jd edwards enterpriseone tools                            | lt    | 9.2.4.0    | 1.0
oracle | instantis enterprisetrack                                 | lte   | 17.3       | 1.0
oracle | instantis enterprisetrack                                 | gte   | 17.1       | 1.0
apache | batik                                                     | eq    | -          | 0.8

sources: JVNDB: JVNDB-2019-016095 // NVD: CVE-2019-17566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17566
value: HIGH

Trust: 1.0

NVD: CVE-2019-17566
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1585
value: HIGH

Trust: 0.6

VULHUB: VHN-149825
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-17566
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-17566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149825
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-17566
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-17566
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149825 // VULMON: CVE-2019-17566 // JVNDB: JVNDB-2019-016095 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1585 // NVD: CVE-2019-17566

PROBLEMTYPE DATA

problemtype: CWE-918

Trust: 1.1

problemtype: Server-side request forgery (CWE-918) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-149825 // JVNDB: JVNDB-2019-016095 // NVD: CVE-2019-17566

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159921 // PACKETSTORM: 172659 // CNNVD: CNNVD-202006-1585

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: The Apache XML Graphics Project - Security
url: https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E

Trust: 0.8

title: Debian CVElist Bug Report Logs: batik: CVE-2019-17566
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=99e95af81076a02ef0783f988b4da3b3

Trust: 0.1

title: Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204961 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204960 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.8.0 release and security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205568 - Security Advisory

Trust: 0.1

title: -
url: https://github.com/yuriisanin/svg2raster-cheatsheet

Trust: 0.1

sources: VULMON: CVE-2019-17566 // JVNDB: JVNDB-2019-016095

EXTERNAL IDS

db: NVD, id: CVE-2019-17566

Trust: 3.1

db: PACKETSTORM, id: 160562

Trust: 0.8

db: PACKETSTORM, id: 159921

Trust: 0.8

db: JVNDB, id: JVNDB-2019-016095

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1585

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2020.3894

Trust: 0.6

db: AUSCERT, id: ESB-2023.3077

Trust: 0.6

db: AUSCERT, id: ESB-2020.4464

Trust: 0.6

db: AUSCERT, id: ESB-2020.3485

Trust: 0.6

db: AUSCERT, id: ESB-2020.3095

Trust: 0.6

db: AUSCERT, id: ESB-2020.2937

Trust: 0.6

db: AUSCERT, id: ESB-2023.1653

Trust: 0.6

db: CS-HELP, id: SB2022011838

Trust: 0.6

db: CS-HELP, id: SB2021042618

Trust: 0.6

db: CS-HELP, id: SB2021042549

Trust: 0.6

db: CS-HELP, id: SB2021072754

Trust: 0.6

db: CS-HELP, id: SB2021072125

Trust: 0.6

db: PACKETSTORM, id: 159924

Trust: 0.2

db: CNVD, id: CNVD-2020-44096

Trust: 0.1

db: VULHUB, id: VHN-149825

Trust: 0.1

db: VULMON, id: CVE-2019-17566

Trust: 0.1

db: PACKETSTORM, id: 172659

Trust: 0.1

db: PACKETSTORM, id: 176409

Trust: 0.1

sources: VULHUB: VHN-149825 // VULMON: CVE-2019-17566 // JVNDB: JVNDB-2019-016095 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159921 // PACKETSTORM: 172659 // PACKETSTORM: 176409 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1585 // NVD: CVE-2019-17566

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 1.9

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:https://xmlgraphics.apache.org/security.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://security.gentoo.org/glsa/202401-11

Trust: 1.1

url:https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509%40%3ccommits.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171%40%3ccommits.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3ccommits.myfaces.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3ccommits.myfaces.apache.org%3e

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3077

Trust: 0.6

url:https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072754

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-storediq-for-legal/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011838

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-batik-affects-websphere-application-server-cve-2019-17566/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072125

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4464/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042618

Trust: 0.6

url:https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3095/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-batik-affect-tivoli-netcool-omnibus-webgui-cve-2017-5662-cve-2018-8013-cve-2015-0250-cve-2019-17566/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042549

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2937/

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-batik-library-affects-ibm-cram-social-program-management-cve-2019-17566/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-xml-graphics-batik-information-disclosure-via-ssrf-32600

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3485/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3894/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2933

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2933

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1748

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1748

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-40146

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/918.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964510

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1719

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11980

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11989

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0210

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11980

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1393

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0210

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11994

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5398

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13933

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11994

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19343

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5568

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0205

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4961

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4960

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/batik/1.10-2~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/batik/1.14-1ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/batik/1.14-2ubuntu0.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6117-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/batik/1.12-1ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-44729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11987

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-44730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38398

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38648

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

sources: VULHUB: VHN-149825 // VULMON: CVE-2019-17566 // JVNDB: JVNDB-2019-016095 // PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159921 // PACKETSTORM: 172659 // PACKETSTORM: 176409 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202006-1585 // NVD: CVE-2019-17566

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 160562 // PACKETSTORM: 159924 // PACKETSTORM: 159921 // CNNVD: CNNVD-202006-1585

SOURCES

db: VULHUB, id: VHN-149825
db: VULMON, id: CVE-2019-17566
db: JVNDB, id: JVNDB-2019-016095
db: PACKETSTORM, id: 160562
db: PACKETSTORM, id: 159924
db: PACKETSTORM, id: 159921
db: PACKETSTORM, id: 172659
db: PACKETSTORM, id: 176409
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202006-1585
db: NVD, id: CVE-2019-17566

LAST UPDATE DATE

2024-11-23T19:54:03.936000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149825, date: 2022-12-06T00:00:00
db: VULMON, id: CVE-2019-17566, date: 2022-04-05T00:00:00
db: JVNDB, id: JVNDB-2019-016095, date: 2021-06-21T07:10:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202006-1585, date: 2023-05-31T00:00:00
db: NVD, id: CVE-2019-17566, date: 2024-11-21T04:32:32.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149825, date: 2020-11-12T00:00:00
db: VULMON, id: CVE-2019-17566, date: 2020-11-12T00:00:00
db: JVNDB, id: JVNDB-2019-016095, date: 2021-06-21T00:00:00
db: PACKETSTORM, id: 160562, date: 2020-12-16T18:17:52
db: PACKETSTORM, id: 159924, date: 2020-11-06T15:18:46
db: PACKETSTORM, id: 159921, date: 2020-11-06T15:06:03
db: PACKETSTORM, id: 172659, date: 2023-05-31T16:30:56
db: PACKETSTORM, id: 176409, date: 2024-01-08T15:04:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202006-1585, date: 2020-06-23T00:00:00
db: NVD, id: CVE-2019-17566, date: 2020-11-12T18:15:12.567