These interim fixes provide instructions on upgrading Apache Ant to 1.10.9 in IBM Spectrum Symphony 7.2.0.2, IBM Spectrum Symphony 7.2.1, IBM Spectrum Symphony 7.3, and IBM Spectrum Symphony 7.3.1 in order to address security vulnerability CVE-2020-11979 in Apache Ant.
**CVEID:** CVE-2020-11979
**DESCRIPTION:** Apache Ant could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure temporary file flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject modified source files into the build process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189164 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Symphony | 7.2.0.2 |
IBM Spectrum Symphony | 7.2.1 |
IBM Spectrum Symphony | 7.3 |
IBM Spectrum Symphony | 7.3.1 |
Products | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Spectrum Symphony | 7.2.0.2 | P104029 | sym-7.2.0.2-build600108 |
IBM Spectrum Symphony | 7.2.1 | P104031 | sym-7.2.1-build600110 |
IBM Spectrum Symphony | 7.3 | P104032 | sym-7.3-build600111 |
IBM Spectrum Symphony | 7.3.1 | P104033 | sym-7.3.1-build600112 |
None
CPE | Name | Operator | Version |
---|---|---|---|
platform symphony | eq | 7.2.0.2 | |
platform symphony | eq | 7.2.1 | |
platform symphony | eq | 7.3 | |
platform symphony | eq | 7.3.1 | |