Vulnerability Name:

CVE-2022-38398 (CCN-236845)

Assigned:2022-09-22
Published:2022-09-22
Updated:2022-09-23
Summary:Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. A jar: URL wraps another URL (jar:<archive-url>!/<entry>), so a reference of this form in a rendered document makes the renderer fetch the wrapped archive URL on the server's behalf. This issue affects Apache XML Graphics Batik 1.14; it is fixed in Batik 1.15.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-918 (Server-Side Request Forgery)
Vulnerability Consequences:Obtain Information
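The summary above states only that Batik 1.14 can be made to load a URL through the jar protocol. The following Python is an added example, not code from the Batik project, the advisory, or any of the vendors listed below: with a constructed SVG and made-up host names it shows why a resource-loading policy that classifies a reference by its outer scheme never sees the URL nested inside a jar: wrapper, and how unwrapping that wrapper before applying the same-host check closes the hole. Both policies, the regex, and the sample document are assumptions for illustration; Batik's own check lives in DefaultExternalResourceSecurity and is not reproduced here.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample: an SVG served from app.example.test. The first <image>
# pulls its bytes through a jar: wrapper whose inner URL points at an internal
# host the renderer should never be coaxed into contacting. All hosts are
# made up for this example.
DOC_URL = "https://app.example.test/report.svg"
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <image width="16" height="16"
         xlink:href="jar:http://internal.example.test:8080/a.jar!/logo.png"/>
  <image width="16" height="16" xlink:href="https://app.example.test/ok.png"/>
  <image width="16" height="16" xlink:href="https://evil.example.test/x.png"/>
  <image width="16" height="16" xlink:href="data:image/png;base64,iVBORw0KGgo="/>
</svg>"""

HREF_RE = re.compile(r'xlink:href="([^"]+)"')
NETWORK_SCHEMES = {"http", "https", "ftp"}


def extract_hrefs(svg: str) -> list[str]:
    """Pull every xlink:href value out of the SVG text (a regex is enough here)."""
    return HREF_RE.findall(svg)


def unwrap_jar(url: str) -> str:
    """Peel jar: wrappers: 'jar:<archive-url>!/<entry>' -> '<archive-url>'.

    Loops so a doubly wrapped jar:jar:http://h/a.jar!/b.jar!/c also resolves
    to the URL a JVM would actually fetch first.
    """
    while url[:4].lower() == "jar:":
        inner = url[4:]
        bang = inner.find("!/")
        url = inner[:bang] if bang != -1 else inner
    return url


def naive_policy(resource: str, doc: str) -> bool:
    """Illustrative weak policy (an assumption, not Batik's code).

    Only references whose OUTER scheme is a network scheme are origin-checked;
    everything else is assumed local and allowed. 'jar' is not in the set, so
    the wrapped http:// URL is never looked at.
    """
    r, d = urlsplit(resource), urlsplit(doc)
    if r.scheme in NETWORK_SCHEMES:
        return r.hostname == d.hostname and r.port == d.port
    return True


def hardened_policy(resource: str, doc: str) -> bool:
    """Unwrap jar: first, then decide on the URL that would really be fetched.

    data: needs no request and stays allowed; a network scheme must match the
    document's host and port; any other scheme is denied rather than trusted.
    """
    inner, d = urlsplit(unwrap_jar(resource)), urlsplit(doc)
    if inner.scheme == "data":
        return True
    if inner.scheme in NETWORK_SCHEMES:
        return inner.hostname == d.hostname and inner.port == d.port
    return False


def audit(svg: str, doc: str, policy) -> dict[str, bool]:
    """Map each external reference in the document to the policy's verdict."""
    return {href: policy(href, doc) for href in extract_hrefs(svg)}


if __name__ == "__main__":
    for name, policy in (("naive", naive_policy), ("hardened", hardened_policy)):
        print(f"== {name} ==")
        for href, ok in audit(SAMPLE_SVG, DOC_URL, policy).items():
            print(f"  {'ALLOW' if ok else 'DENY '} {href}")
```

The point of the comparison is that the decision has to be made on the URL the runtime will actually open, not on the string the document presents. Any scheme that embeds another URL (jar: is the one named in this advisory) needs the same unwrapping before an allowlist or same-host rule is applied, and a scheme the policy does not recognise should be denied rather than assumed to be local.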
References:Source: MITRE
Type: CNA
CVE-2022-38398

Source: XF
Type: UNKNOWN
apache-cve202238398-ssrf(236845)

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx

Source: CCN
Type: oss-sec Mailing List, Thu, 22 Sep 2022 13:51:04 +0100
[CVE-2022-38398] Apache Batik information disclosure vulnerability

Source: CCN
Type: IBM Security Bulletin 6980867 (Maximo Application Suite)
There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Source: CCN
Type: IBM Security Bulletin 6981109 (Maximo Asset Management)
There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

Source: CCN
Type: IBM Security Bulletin 6987499 (Business Automation Workflow traditional)
Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager

Source: CCN
Type: IBM Security Bulletin 6987681 (Engineering Test Management)
Vulnerabilities in batik-all library affect IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

Source: CCN
Type: IBM Security Bulletin 7001793 (App Connect Enterprise Toolkit)
Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit

Source: CCN
Type: IBM Security Bulletin 7011741 (Engineering Systems Design Rhapsody)
The IBM Engineering System Design Rhapsody products on IBM Jazz Technology contain an additional security fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (publicly disclosed vulnerability found by Mend)

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-38398

Source: CCN
Type: ZDI-22-1328
Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability

Source: CCN
Type: Apache Web site
Apache Batik

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:batik:1.14:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:batik:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:batik:1.14:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.opensuse.security:def:8070
    Class: P
    Title: xmlgraphics-batik-1.15-150200.4.4.3 on GA media (Moderate)
    Last Modified: 2023-06-20