CVE-2022-44730

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2023/08/22/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/08/22/5 Mailing List Third Party Advisory
https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html Mailing List
https://security.gentoo.org/glsa/202401-11
https://xmlgraphics.apache.org/security.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:xml_graphics_batik:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

07 Jan 2024, 11:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-11 -

30 Oct 2023, 02:18

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html - (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html - Mailing List
First Time Debian debian Linux
Debian

15 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html -

31 Aug 2023, 13:52

Type Values Removed Values Added
First Time Apache
Apache xml Graphics Batik
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.4
CPE cpe:2.3:a:apache:xml_graphics_batik:*:*:*:*:*:*:*:*
References (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/3 - (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/3 - Mailing List, Third Party Advisory
References (MISC) https://xmlgraphics.apache.org/security.html - (MISC) https://xmlgraphics.apache.org/security.html - Vendor Advisory
References (MISC) https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 - (MISC) https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 - Mailing List, Vendor Advisory
References (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/5 - (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/5 - Mailing List, Third Party Advisory

23 Aug 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/3 -
  • (MISC) http://www.openwall.com/lists/oss-security/2023/08/22/5 -

22 Aug 2023, 20:10

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-22 19:16

Updated : 2024-01-07 11:15

NVD link : CVE-2022-44730

Mitre link : CVE-2022-44730

CVE.ORG link : CVE-2022-44730

JSON object : View

Products Affected

apache

  • xml_graphics_batik

debian

  • debian_linux
CWE
CWE-918

Server-Side Request Forgery (SSRF)