Lucene search

K
ibmIBM61149F4D97B791E1883A77C4470485C913931119045329BCC44F6A65E2B0A9A4
HistorySep 07, 2020 - 7:52 a.m.

Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony

2020-09-0707:52:14
www.ibm.com
20
ibm platform symphony
ibm spectrum symphony
apache ant
upgrade
security vulnerability
cve-2020-1945
instructions

EPSS

0.001

Percentile

32.8%

Summary

These interim fixes provide instructions on upgrading Apache Ant to 1.10.8 in IBM Platform Symphony 7.1 Fix Pack 1, IBM Platform Symphony 7.1.1, IBM Spectrum Symphony 7.1.2, IBM Spectrum Symphony 7.2.0.2, IBM Spectrum Symphony 7.2.1, and IBM Spectrum Symphony 7.3 in order to address security vulnerability CVE-2020-1945 in Apache Ant.

Vulnerability Details

CVEID:CVE-2020-1945
**DESCRIPTION:**Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of an insecure temporary directory to store source files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and inject modified source files into the build process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Symphony 7.3
IBM Spectrum Symphony 7.2.1
IBM Spectrum Symphony 7.2.0.2
IBM Spectrum Symphony 7.1.2
IBM Platform Symphony 7.1.1
IBM Platform Symphony 7.1 Fix Pack 1

Remediation/Fixes

Products VRMF APAR Remediation/First Fix
IBM Spectrum Symphony 7.3 P103839 sym-7.3-build556786
IBM Spectrum Symphony 7.2.1 P103838 sym-7.2.1-build556785
IBM Spectrum Symphony 7.2.0.2 P103837 sym-7.2.0.2-build556784
IBM Spectrum Symphony 7.1.2 P103836 sym-7.1.2-build556783
IBM Platform Symphony 7.1.1 P103835 sym-7.1.1-build556782
IBM Platform Symphony 7.1 Fix Pack 1 P103834 sym-7.1-build556781

Workarounds and Mitigations

None