The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVSS v2:
Base Score: 6.4
Impact Score: 4.9
Exploitability Score: 10
CVSS v3:
Base Score: 8.2
Impact Score: 4.2
Exploitability Score: 3.9
cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:* versions up to 1.13 (inclusive)
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.4.0 (inclusive)
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* versions from 11.0 to 11.3.1 (inclusive)