Rewterz Threat Advisory – Multiple NETGEAR RAX30 Vulnerabilities
August 23, 2023Rewterz Threat Alert – Researchers Uncovered More Than 3,000 Android Malware Samples Employing Diverse Evasion Techniques – Active IOCs
August 23, 2023Rewterz Threat Advisory – Multiple NETGEAR RAX30 Vulnerabilities
August 23, 2023Rewterz Threat Alert – Researchers Uncovered More Than 3,000 Android Malware Samples Employing Diverse Evasion Techniques – Active IOCs
August 23, 2023Severity
Medium
Analysis Summary
CVE-2022-44730 CVSS:5.5
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially crafted SVG file, an attacker could exploit this vulnerability to conduct SSRF attack to probe user profile/data and send it directly as parameter to a URL.
CVE-2022-44729 CVSS:7.1
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially crafted SVG file, an attacker could exploit this vulnerability to conduct SSRF attack to cause resource consumption and obtain sensitive information.
Impact
- Information Theft
- Gain Access
Indicators Of Compromise
CVE
- CVE-2022-44730
- CVE-2022-44729
Affected Vendors
Apache
Affected Products
- Apache Batik 1.16
- Apache Batik 1.0
Remediation
Upgrade to the latest version of Apache Batik, available from the Apache Website.