Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data     and send it directly as parameter to a URL. (CVE-2022-44730)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0808-1 advisory.

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
    This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
    (CVE-2022-41704)

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via     JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to     version 1.16. (CVE-2022-42890)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger     loading external resources by default, causing resource consumption or in some cases even information     disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data     and send it directly as parameter to a URL. (CVE-2022-44730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0777-1 advisory.

  - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed     to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the     user context in which the exploitable application is running. If the user is root a full compromise of the     server - including confidential or sensitive files - would be possible. XXE can also be used to attack the     availability of the server via denial of service as the references within a xml document can trivially     trigger an amplification attack. (CVE-2017-5662)

  - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the     xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this     vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)

  - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the     NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to     cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
    This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
    (CVE-2022-41704)

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via     JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to     version 1.16. (CVE-2022-42890)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger     loading external resources by default, causing resource consumption or in some cases even information     disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data     and send it directly as parameter to a URL. (CVE-2022-44730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Solr)). The supported version that is affected is 6.4.0.0.0.     Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle     Business Intelligence Enterprise Edition. (CVE-2021-33813)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (Apache Ivy)). The supported version that is affected is 6.4.0.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise     Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-46751)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily     exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle     Business Intelligence Enterprise Edition accessible data. (CVE-2024-20904)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: BI Platform Security (jQueryUI)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require     human interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2022-31160)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Presentation Services (Apache Batik)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to     the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle     Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person     other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data     and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business     Intelligence Enterprise Edition. (CVE-2022-44729)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily     exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a     person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise     Edition, attacks may significantly impact additional products (scope change). Successful attacks of this     vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business     Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle     Business Intelligence Enterprise Edition accessible data. (CVE-2024-20913)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Installation (Google Gson)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2022-25647)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Majel Mobile Service (JSON-java)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2023-5072)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2023-43642)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14958 advisory.

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger     loading external resources by default, causing resource consumption or in some cases even information     disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202401-11 (Apache Batik: Multiple Vulnerabilities)

  - In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a     string from the inputStream as the class name which then use it to call the no-arg constructor of the     class. Fix was to check the class type before calling newInstance in deserialization. (CVE-2018-8013)

  - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the     xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this     vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)

  - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the     NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to     cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.
    This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.
    (CVE-2022-41704)

  - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via     JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to     version 1.16. (CVE-2022-42890)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger     loading external resources by default, causing resource consumption or in some cases even information     disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data     and send it directly as parameter to a URL. (CVE-2022-44730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory.

  - Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported     versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low     privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle     Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL).
    (CVE-2023-38039)

  - Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that     are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with     network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can     result in unauthorized creation, deletion or modification access to critical data or all     OML4Py (cryptography) accessible data. (CVE-2022-23491)

  - Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are     19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create     Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL.
    Successful attacks require human interaction from a person other than the attacker and while the     vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change).
    Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data     and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. (CVE-2023-22071)

  - Security-in-depth update for non-exploitable vulnerabilities CVE-2020-25649, CVE-2020-36518, CVE-2021-34031,     CVE-2022-4899, CVE-2022-42003, CVE-2022-42004, CVE-2022-46908, CVE-2023-2976 and CVE-2023-35887.


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the October 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Apache     Commons BCEL)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic     Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server     (CVE-2022-42920)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Thirdparty Jars (Apache Maven Shared Utils)). The supported version that is affected is 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of     Oracle WebLogic Server. (CVE-2022-29599)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
    Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.
    Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
    (CVE-2023-22069)

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory.

  - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the     NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to     cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)

  - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to     access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger     loading external resources by default, causing resource consumption or in some cases even information     disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)

  - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics     Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data     and send it directly as parameter to a URL. (CVE-2022-44730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
198844	RHEL 8 : fop (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196816	RHEL 6 : batik (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
196773	RHEL 7 : batik (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
191745	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xmlgraphics-batik (SUSE-SU-2024:0808-1)	Nessus	SuSE Local Security Checks	high
191700	SUSE SLES12 Security Update : xmlgraphics-batik (SUSE-SU-2024:0777-1)	Nessus	SuSE Local Security Checks	high
189734	Oracle Business Intelligence Enterprise Edition (OAS 6.4) (January 2024 CPU)	Nessus	Misc.	high
189733	Oracle Business Intelligence Enterprise Edition (January 2024 CPU)	Nessus	Misc.	high
189732	Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)	Nessus	Misc.	high
188067	Atlassian Jira Service Management Data Center and Server < 4.20.30 / 5.4.x < 5.4.15 / 5.7.x < 5.12.2 (JSDSERVER-14958)	Nessus	Misc.	high
187730	GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
183503	Oracle Database Server (October 2023 CPU)	Nessus	Databases	medium
183311	Oracle WebLogic Server (October 2023 CPU)	Nessus	Misc.	critical
183091	Debian DLA-3619-1 : batik - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-44729

high

Tenable Plugins

high

critical

critical

high

high

high

high

high

high

critical

medium

critical

high