CVE-2019-11987
Published 2019-06-05
CVE-2019-11987: A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
Priority P336 · high · 7.8 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% (23.4th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | batik | >= 0 < 1.10-2~18.04.1 | 1.10-2~18.04.1 |
| apache | batik | >= 0 < 1.12-1ubuntu0.1 | 1.12-1ubuntu0.1 |
| apache | batik | >= 0 < 1.14-1ubuntu0.2 | 1.14-1ubuntu0.2 |
| apache | batik | >= 0 < 1.7.ubuntu-8ubuntu2.14.04.3+esm1 | 1.7.ubuntu-8ubuntu2.14.04.3+esm1 |
| apache | batik | >= 0 < 1.8-3ubuntu1+esm1 | 1.8-3ubuntu1+esm1 |
| hpe | smart_update_manager | < 8.4 | 8.4 |
CVSS provenance
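| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |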
OSV
batik vulnerabilities
osv·2023-05-30·CVSS 7.5
CVE-2019-17566 batik vulnerabilities
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
GHSA
GHSA-95j4-f97h-3f57: A security vulnerability in HPE Smart Update Manager (SUM) prior to v8
ghsa_unreviewed·2022-05-24
CVE-2019-11987 [HIGH] GHSA-95j4-f97h-3f57: A security vulnerability in HPE Smart Update Manager (SUM) prior to v8
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-06-05