Vulnerabilities have been identified in the Apache Ant shipped with IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed these applicable CVEs.
CVEID:CVE-2021-36374
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205314 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2021-36373
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Capilano (Installation Manager) | 1.9.x |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Installation Manager and IBM Packaging Utility | 1.9.x | No APAR | 1.9.2 IBM Installation Manager Remediation |
1.9.2 IBM Packaging Utility Remediation |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm installation manager | eq | 1.9.1.5 |