8 matches found
RHEL 7 : apache-ivy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...
Security Bulletin: Multiple vulnerabilities in ivy-2.4.0.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in ivy-2.4.0.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37865 DESCRIPTION: Apache Ivy could allow a local authenticated attacker to...
Updated apache-ivy packages fix security vulnerability
Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...
Fedora: Security Advisory for apache-ivy (FEDORA-2023-35f775fd6e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : apache-ivy (2023-35f775fd6e)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-35f775fd6e advisory. Changelog Sun Jun 25 2023 Didik Supriadi - 2.5.1-3 - Build with ivy instead of maven Tenable has extracted the preceding description block directly...
Amazon Linux 2023 : apache-ivy, apache-ivy-javadoc (ALAS2023-2023-174)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-174 advisory. A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)
Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...
CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...