Severity: Low2022-12-15
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
The Oxygen products incorporate Batik as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
| Product | Severity | Fixed Release Availability |
| Oxygen XML Author v24.1 and older | Low | Oxygen XML
Author 24.1 build 2022110312 Oxygen XML Author 25.0 build 2022101006 |
| Oxygen XML Developer v24.1 and older | Low | Oxygen
XML Developer 24.1 build 2022110312 Oxygen XML Developer 25.0 build 2022101006 |
| Oxygen XML Editor v24.1 and older | Low | Oxygen XML
Editor 24.1 build 2022110312 Oxygen XML Editor 25.0 build 2022101006 |
| Oxygen Publishing Engine v24.1 and older | Low |
Oxygen Publishing Engine 24.1 build 2022110402 Oxygen Publishing Engine 25.0 build 2022101006 |
CVE-2022-40146
Severity: High
CVSS Score: 7.5
The Batik third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-40146 vulnerability description. However, the Oxygen products have security mechanism that blocks connections to untrusted hosts. For that reason, we have rated the severity level for our products as low.
This website was created & generated with <oXygen/>®XML Editor
