CVE-2022-44729 - Server-Side Request Forgery (SSRF)
Severity: High
2023-11-09
Abstract
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
The Oxygen products incorporate Apache XML Graphics Batik as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
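The abstract describes an SVG that makes the renderer load external resources. The following added example (not code from Oxygen or Apache Batik; `is_external`, `external_refs` and the sample SVG are hypothetical names and constructed input) lists the external references an SVG file carries, so incoming files can be triaged before they reach a renderer that has not yet been upgraded.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
REF_ATTRS = ("href", XLINK_HREF, "src")  # attributes whose whole value is a reference
URL_FUNC = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)")  # CSS url(...) values


def is_external(ref):
    """True unless the reference is a same-document fragment or an inline data: URI."""
    ref = ref.strip()
    if not ref or ref.startswith("#"):
        return False
    # Relative paths count as external: they resolve to another file.
    return urlsplit(ref).scheme.lower() != "data"


def external_refs(svg_text):
    """Return (element, attribute, reference) for each external reference."""
    found = []
    for el in ET.fromstring(svg_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        for name, value in el.attrib.items():
            refs = [value] if name in REF_ATTRS else URL_FUNC.findall(value)
            attr = name.rsplit("}", 1)[-1]
            found += [(tag, attr, r.strip()) for r in refs if is_external(r)]
        if tag == "style" and el.text:  # embedded stylesheet
            found += [(tag, "text", r.strip())
                      for r in URL_FUNC.findall(el.text) if is_external(r)]
    return found


# Constructed sample input, not taken from the advisory.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">
  <defs><linearGradient id="g"/></defs>
  <rect width="10" height="10" fill="url(#g)"/>
  <use xlink:href="#g"/>
  <image xlink:href="http://files.example/logo.png" width="1" height="1"/>
  <image href="data:image/png;base64,AAAA" width="1" height="1"/>
  <rect style="fill:url(https://cdn.example/p.svg#pat)" width="1" height="1"/>
</svg>"""

if __name__ == "__main__":
    for tag, attr, ref in external_refs(SAMPLE_SVG):
        print(f"<{tag}> {attr} -> {ref}")
```

This is a triage aid for incoming files only; the fix for the vulnerability remains the updated Batik version shipped in the builds listed in this advisory.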
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Author v25.1 and older | High | Oxygen XML Author 25.1 build 2023110913; Oxygen XML Author 26.0 build 2023100905 |
Oxygen XML Developer v25.1 and older | High | Oxygen XML Developer 25.1 build 2023110913; Oxygen XML Developer 26.0 build 2023100905 |
Oxygen XML Editor v25.1 and older | High | Oxygen XML Editor 25.1 build 2023110913; Oxygen XML Editor 26.0 build 2023100905 |
Oxygen XML Web Author v25.1.0.1 and older | None | Oxygen XML Web Author 26.0.0 build 2023101015 |
Oxygen Publishing Engine v25.1 and older | None | Oxygen Publishing Engine 25.1 build 2023110913; Oxygen Publishing Engine 26.0 build 2023100523 |
Detail
CVE-2022-44729
Severity: High
CVSS Score: 7.1
The Apache XML Graphics Batik third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2022-44729 vulnerability description.
Starting with Oxygen XML Author v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Developer v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Editor v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Author v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Developer v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Editor v26.0 build 2023100905, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen XML Web Author v26.0 build 2023101015, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen Publishing Engine v25.1 build 2023110913, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.
Starting with Oxygen Publishing Engine v26.0 build 2023100523, the Apache XML Graphics Batik library was updated to a version which fixes this vulnerability.