Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDB53C7C295FC394865150CA5853523B1FA54709666A98F3C90B7B2FA4539EF15
HistoryOct 14, 2022 - 9:53 p.m.

Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server

2022-10-1421:53:33
www.ibm.com
26
apache ant
ibm infosphere
information server 11.7
cve-2021-36373
cve-2021-36374
cve-2012-2098
denial of service
out-of-memory error
zip archive
tar archive
apache commons compress
bzip2 compression
vulnerability
security bulletin

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.026

Percentile

90.6%

JSON

Summary

Multiple vulnerabilities in Apache Ant used by IBM InfoSphere Information Server were addressed.

Vulnerability Details

CVEID:CVE-2021-36373
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-36374
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205314 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2012-2098
**DESCRIPTION:**Apache Commons Compress and Apache Ant are vulnerable to a denial of service, caused by an error when using bzip2 compression to compress files. By passing specially-crafted input to the BZip2CompressorOutputStream class, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Server, Information Server on Cloud 11.7 JR64998
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.4

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_information_serverMatch11.7
VendorProductVersionCPE
ibminfosphere_information_server11.7cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

Related

redos 59
suse 1
nessus 32
photon 7
ibm 24
openvas 15
osv 8
archlinux 1
prion 4
cvelist 4
debiancve 4
fedora 5
ubuntucve 4
mageia 1
veracode 2
seebug 1
github 4
cve 4
nvd 4
alpinelinux 2
cbl_mariner 4
amazon 1
redhatcve 2
redhat 1
securityvulns 1
hp 1
oracle 3
redos
redos
ROS-2-489
2021-09-08 00:00:00
ROS-2-956
2021-09-08 00:00:00
ROS-2-1290
2021-09-08 00:00:00
suse
suse
Security update for ant (moderate)
2022-04-27 00:00:00
nessus
nessus
Photon OS 2.0: Apache PHSA-2021-2.0-0374
2021-07-26 00:00:00
EulerOS 2.0 SP5 : ant (EulerOS-SA-2021-2651)
2021-11-11 00:00:00
Photon OS 1.0: Apache PHSA-2021-1.0-0418
2021-08-10 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0274
2021-07-26 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0374
2021-07-26 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0418
2021-07-26 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
2022-09-29 13:07:02
Security Bulletin: Vulnerabilities in Apache Ant affect IBM Installation Manager and IBM Packaging Utility
2021-11-24 18:44:02
Security Bulletin: Multiple vulnerabilities affect Apache Ant shipped with IBM Operations Analytics - Log Analysis
2023-04-03 07:41:33
openvas
openvas
openSUSE: Security Advisory for ant (SUSE-SU-2022:1418-1)
2022-05-17 00:00:00
Huawei EulerOS: Security Advisory for ant (EulerOS-SA-2021-2453)
2021-09-24 00:00:00
Huawei EulerOS: Security Advisory for ant (EulerOS-SA-2021-2651)
2021-11-12 00:00:00
osv
osv
ant-1.10.12-1.1 on GA media
2024-06-15 00:00:00
Improper Handling of Length Parameter Inconsistency in Apache Ant
2021-08-02 16:56:31
Uncontrolled Resource Consumption in Apache Commons Compress
2022-05-13 01:07:05
archlinux
archlinux
[ASA-202107-43] ant: denial of service
2021-07-20 00:00:00
prion
prion
Design/Logic Flaw
2012-06-29 19:55:00
Design/Logic Flaw
2021-07-14 07:15:00
Design/Logic Flaw
2021-07-14 07:15:00
cvelist
cvelist
CVE-2012-2098
2012-06-29 00:00:00
CVE-2021-36374 Apache Ant ZIP, and ZIP based, archive denial of service vulerability
2021-07-14 06:20:12
CVE-2021-36373 Apache Ant TAR archive denial of service vulnerability
2021-07-14 06:20:11
debiancve
debiancve
CVE-2012-2098
2012-06-29 19:55:03
CVE-2021-36373
2021-07-14 07:15:08
CVE-2021-36374
2021-07-14 07:15:08
fedora
fedora
[SECURITY] Fedora 18 Update: plexus-archiver-2.3-1.fc18
2013-05-11 00:27:50
[SECURITY] Fedora 19 Update: plexus-archiver-2.3-1.fc19
2013-05-11 03:16:43
[SECURITY] Fedora 16 Update: apache-commons-compress-1.4.1-1.fc16
2012-06-03 23:26:27
ubuntucve
ubuntucve
CVE-2012-2098
2012-06-29 00:00:00
CVE-2021-36373
2021-07-14 00:00:00
CVE-2021-36374
2021-07-14 00:00:00
mageia
mageia
Updated plexus-archiver package fixes security vulnerability
2014-02-12 21:07:07
veracode
veracode
Denial Of Service (DoS)
2021-07-15 00:46:23
Denial Of Service (DoS)
2021-07-15 00:46:26
seebug
seebug
Apache Commons Compress和Apache Ant拒绝服务漏洞
2012-05-25 00:00:00
github
github
Uncontrolled Resource Consumption in Apache Commons Compress
2022-05-13 01:07:05
Improper Handling of Length Parameter Inconsistency in Apache Ant
2021-08-02 16:56:17
Improper Handling of Length Parameter Inconsistency in Apache Ant
2021-08-02 16:56:31
cve
cve
CVE-2012-2098
2012-06-29 19:55:03
CVE-2021-36374
2021-07-14 07:15:08
CVE-2021-36373
2021-07-14 07:15:08
nvd
nvd
CVE-2012-2098
2012-06-29 19:55:03
CVE-2021-36373
2021-07-14 07:15:08
CVE-2021-36374
2021-07-14 07:15:08
alpinelinux
alpinelinux
CVE-2021-36374
2021-07-14 07:15:08
CVE-2021-36373
2021-07-14 07:15:08
cbl_mariner
cbl_mariner
CVE-2021-36374 affecting package javapackages-bootstrap for versions less than 1.14.0-2
2024-04-17 22:02:46
CVE-2021-36373 affecting package ant 1.10.9-2
2021-08-11 06:39:28
CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2
2024-04-17 22:02:46
amazon
amazon
Medium: ant
2022-12-01 20:31:00
redhatcve
redhatcve
CVE-2021-36373
2021-07-14 18:22:16
CVE-2021-36374
2021-07-14 18:22:13
redhat
redhat
(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update
2022-08-04 04:17:59
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-06-03 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.026

Percentile

90.6%

JSON
Related for DB53C7C295FC394865150CA5853523B1FA54709666A98F3C90B7B2FA4539EF15
redos59suse1nessus32photon7ibm24openvas15osv8archlinux1prion4cvelist4debiancve4fedora5ubuntucve4mageia1veracode2seebug1github4cve4nvd4alpinelinux2cbl_mariner4amazon1redhatcve2redhat1securityvulns1hp1oracle3