VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-y6gb-u9m5-2bhd

Essentials
Severities (22)
References (18)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-y6gb-u9m5-2bhd
Aliases	CVE-2022-38648 GHSA-53jm-3hc9-fqqc
Summary
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-918	Server-Side Request Forgery (SSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38648.json
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2022-38648
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2022-38648
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2022-38648
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-53jm-3hc9-fqqc
cvssv3.1	5.3	https://github.com/apache/xmlgraphics-batik
generic_textual	MODERATE	https://github.com/apache/xmlgraphics-batik
cvssv3.1	5.3	https://github.com/apache/xmlgraphics-batik/commit/996aa8897c208be11ce65cef00c9576a299b2637
generic_textual	MODERATE	https://github.com/apache/xmlgraphics-batik/commit/996aa8897c208be11ce65cef00c9576a299b2637
cvssv3.1	5.3	https://issues.apache.org/jira/browse/BATIK-1333
generic_textual	MODERATE	https://issues.apache.org/jira/browse/BATIK-1333
cvssv3.1	5.3	https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
generic_textual	MODERATE	https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2022-38648
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2022-38648
cvssv3.1	5.3	https://security.gentoo.org/glsa/202401-11
generic_textual	MODERATE	https://security.gentoo.org/glsa/202401-11

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38648.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-38648
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38648
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/xmlgraphics-batik
		https://github.com/apache/xmlgraphics-batik/commit/996aa8897c208be11ce65cef00c9576a299b2637
		https://issues.apache.org/jira/browse/BATIK-1333
		https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b
		https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
		https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html
1020589		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020589
2155295		https://bugzilla.redhat.com/show_bug.cgi?id=2155295
CVE-2022-38648		https://nvd.nist.gov/vuln/detail/CVE-2022-38648
GHSA-53jm-3hc9-fqqc		https://github.com/advisories/GHSA-53jm-3hc9-fqqc
GLSA-202401-11		https://security.gentoo.org/glsa/202401-11
RHSA-2023:2100		https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:3954		https://access.redhat.com/errata/RHSA-2023:3954
USN-6117-1		https://usn.ubuntu.com/6117-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38648.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/xmlgraphics-batik

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/xmlgraphics-batik/commit/996aa8897c208be11ce65cef00c9576a299b2637

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://issues.apache.org/jira/browse/BATIK-1333

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2025/07/msg00006.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38648

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202401-11

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.45344
EPSS Score	0.00225
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:09:00.386465+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0