These interim fixes provide instructions on upgrading Apache Ant to 1.10.8 in IBM Platform Symphony 7.1 Fix Pack 1, IBM Platform Symphony 7.1.1, IBM Spectrum Symphony 7.1.2, IBM Spectrum Symphony 7.2.0.2, IBM Spectrum Symphony 7.2.1, and IBM Spectrum Symphony 7.3 in order to address security vulnerability CVE-2020-1945 in Apache Ant.
CVEID:CVE-2020-1945
**DESCRIPTION:**Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of an insecure temporary directory to store source files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and inject modified source files into the build process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Symphony | 7.3 |
IBM Spectrum Symphony | 7.2.1 |
IBM Spectrum Symphony | 7.2.0.2 |
IBM Spectrum Symphony | 7.1.2 |
IBM Platform Symphony | 7.1.1 |
IBM Platform Symphony | 7.1 Fix Pack 1 |
Products | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Spectrum Symphony | 7.3 | P103839 | sym-7.3-build556786 |
IBM Spectrum Symphony | 7.2.1 | P103838 | sym-7.2.1-build556785 |
IBM Spectrum Symphony | 7.2.0.2 | P103837 | sym-7.2.0.2-build556784 |
IBM Spectrum Symphony | 7.1.2 | P103836 | sym-7.1.2-build556783 |
IBM Platform Symphony | 7.1.1 | P103835 | sym-7.1.1-build556782 |
IBM Platform Symphony | 7.1 Fix Pack 1 | P103834 | sym-7.1-build556781 |
None