CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Published: Nov 12, 2020
Updated: Nov 8, 2023
CVE: CVE-2019-17566
GHSA: GHSA-cmx4-p4v5-hmr5
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
apache / batik	-	1.13
oracle / api_gateway	11.1.2.4.0	11.1.2.4.0.x
oracle / hyperion_financial_reporting	11.1.2.4	11.1.2.4.x
oracle / enterprise_repository	11.1.1.7.0	11.1.1.7.0.x
oracle / business_intelligence	12.2.1.3.0	12.2.1.3.0.x
oracle / retail_order_broker	15.0	15.0.x
oracle / retail_order_broker	16.0	16.0.x
oracle / retail_returns_management	14.1	14.1.x
oracle / retail_point-of-service	14.1	14.1.x
oracle / business_intelligence	12.2.1.4.0	12.2.1.4.0.x
oracle / business_intelligence	5.5.0.0.0	5.5.0.0.0.x
oracle / financial_services_analytical_applications_infrastructure	8.0.6	8.1.0.x
oracle / fusion_middleware_mapviewer	12.2.1.4.0	12.2.1.4.0.x
oracle / instantis_enterprisetrack	17.1	17.3.x
oracle / communications_offline_mediation_controller	12.0.0.3.0	12.0.0.3.0.x
oracle / retail_integration_bus	15.0.3	15.0.3.x
oracle / communications_application_session_controller	3.9m0p2	3.9m0p2.x
oracle / hospitality_opera_5	5.5	5.5.x
oracle / hospitality_opera_5	5.6	5.6.x
oracle / business_intelligence	5.9.0.0.0	5.9.0.0.0.x
oracle / retail_order_management_system_cloud_service	19.5	19.5.x
oracle / jd_edwards_enterpriseone_tools	-	9.2.4.0
oracle / communications_metasolv_solution	6.3.0	6.3.1.x
oracle / jd_edwards_enterpriseone_tools	9.2.4.2	9.2.4.2.x
oracle / hyperion_financial_reporting	11.2.5.0	11.2.5.0.x
org.apache.xmlgraphics / batik	-	1.13

Vulnerability Database

289,599

CVE-2019-17566