ID

VAR-202005-1051


CVE

CVE-2020-1945


TITLE

Apache Ant Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005528

DESCRIPTION

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Apache Ant contains an information leakage vulnerability. Information may be obtained and tampered with. This tool is mainly used for software compilation, testing and deployment. An attacker could exploit this vulnerability to disclose sensitive information.

==========================================================================
Ubuntu Security Notice USN-4380-1
June 01, 2020

Apache Ant vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10

Summary:

Apache Ant could leak sensitive information or be made to run programs as your login.

An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  ant 1.10.6-1ubuntu0.1
  ant-doc 1.10.6-1ubuntu0.1
  ant-optional 1.10.6-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section.

Bugs fixed (https://bugzilla.redhat.com/):

1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability

5. Bugs fixed (https://bugzilla.redhat.com/):

1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
1903702 - CVE-2020-11979 ant: insecure temporary file
1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users
1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels
1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix
1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names
1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page
1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview
1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service
1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors
1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints
1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar
1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers
1925674 - Placeholder bug for OCP 4.6.0 rpm release

6. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update).

Bugs fixed (https://bugzilla.redhat.com/):

1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

5.

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update
Advisory ID: RHSA-2021:0637-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637
Issue date: 2021-03-03
CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
* ant: Insecure temporary file vulnerability (CVE-2020-1945)
* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
* ant: Insecure temporary file (CVE-2020-11979)
* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:0638

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

This update fixes the following bugs among others:

* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing some clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)
* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)

All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system is applied.

See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
1849003 - fact dicts returned are of type string rather than dict
1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components
1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size
1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption
1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure
1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates
1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs
1903699 - Prometheus consumes all available memory
1903702 - CVE-2020-11979 ant: insecure temporary file
1918392 - Unable to access kibana URL after enabling HTTP2 on Haproxy router
1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process
1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified
1924614 - Provide jenkins agent image for maven36
1924811 - Provide jenkins agent image for maven36
1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface
1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses

6. Package List:

Red Hat OpenShift Container Platform 3.11

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1945
https://access.redhat.com/security/cve/CVE-2020-2304
https://access.redhat.com/security/cve/CVE-2020-2305
https://access.redhat.com/security/cve/CVE-2020-2306
https://access.redhat.com/security/cve/CVE-2020-2307
https://access.redhat.com/security/cve/CVE-2020-2308
https://access.redhat.com/security/cve/CVE-2020-2309
https://access.redhat.com/security/cve/CVE-2020-11979
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Gentoo Linux Security Advisory GLSA 202007-34
https://security.gentoo.org/

Severity: Normal
Title: Apache Ant: Multiple vulnerabilities
Date: July 27, 2020
Bugs: #723086
ID: 202007-34

Synopsis
========

Apache Ant uses various insecure temporary files possibly allowing local code execution.

Background
==========

Ant is a Java-based build tool similar to 'make' that uses XML configuration files.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/ant                 < 1.10.8                   >= 1.10.8

Description
===========

Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location.

Impact
======

A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Ant users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.8"

References
==========

[ 1 ] CVE-2020-1945
      https://nvd.nist.gov/vuln/detail/CVE-2020-1945

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202007-34

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2020-1945 // JVNDB: JVNDB-2020-005528 // VULHUB: VHN-172829 // VULMON: CVE-2020-1945 // PACKETSTORM: 157902 // PACKETSTORM: 159924 // PACKETSTORM: 158150 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 159921 // PACKETSTORM: 161647 // PACKETSTORM: 158600

AFFECTED PRODUCTS

vendor:oraclemodel:retail size profile optimizationscope:eqversion:15.0.3

Trust: 1.0

vendor:apachemodel:antscope:lteversion:1.10.7

Trust: 1.0

vendor:apachemodel:antscope:lteversion:1.9.14

Trust: 1.0

vendor:oraclemodel:flexcube investor servicingscope:eqversion:12.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.7

Trust: 1.0

vendor:oraclemodel:retail central officescope:eqversion:14.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0.6

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:16.2.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.2.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:oraclemodel:banking liquidity managementscope:gteversion:14.0.0

Trust: 1.0

vendor:apachemodel:antscope:gteversion:1.10.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:oraclemodel:retail item planningscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:lteversion:3.0.2

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.1.0

Trust: 1.0

vendor:oraclemodel:retail back officescope:eqversion:14.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1.0

Trust: 1.0

vendor:oraclemodel:banking enterprise collectionsscope:gteversion:2.7.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:retail extract transform and loadscope:eqversion:13.2.5

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:gteversion:3.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:oraclemodel:banking platformscope:lteversion:2.9.0

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:timesten in-memory databasescope:eqversion:11.2.2.8.49

Trust: 1.0

vendor:oraclemodel:flexcube investor servicingscope:eqversion:14.1.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:oraclemodel:enterprise repositoryscope:eqversion:11.1.1.7.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:retail advanced inventory planningscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0.3

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:category management planning \& optimizationscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0.4

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.1

Trust: 1.0

vendor:oraclemodel:retail macro space optimizationscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:1.9

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:banking enterprise collectionsscope:lteversion:2.9.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0.4.0

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:1.10

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail regular price optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:retail bulk data integrationscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:retail regular price optimizationscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:communications order and service managementscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0.4.0

Trust: 1.0

vendor:oraclemodel:retail returns managementscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:19.0.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.2

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:flexcube investor servicingscope:eqversion:14.0.0

Trust: 1.0

vendor:oraclemodel:retail advanced inventory planningscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail extract transform and loadscope:eqversion:13.2.8

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:14.0

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0.4

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.0.4

Trust: 1.0

vendor:oraclemodel:retail merchandise financial planningscope:eqversion:15.0.3

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 32

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 2.2.0.0.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 15.0.3

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: real-time decision server, scope: eq, version: 3.2.1.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.2.0.3.0

Trust: 1.0

vendor: apache, model: ant, scope: gte, version: 1.1

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: communications asap, scope: eq, version: 7.3

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 16.2

Trust: 1.0

vendor: oracle, model: communications order and service management, scope: eq, version: 7.4

Trust: 1.0

vendor: oracle, model: primavera unifier, scope: eq, version: 18.8

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.1.3.2

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 15.0.4.0

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.2.0.2.0

Trust: 1.0

vendor: oracle, model: utilities framework, scope: eq, version: 4.4.0.2.0

Trust: 1.0

vendor: oracle, model: retail store inventory management, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: timesten in-memory database, scope: lt, version: 11.2.2.8.27

Trust: 1.0

vendor: oracle, model: flexcube investor servicing, scope: eq, version: 12.1.0

Trust: 1.0

vendor: oracle, model: retail assortment planning, scope: eq, version: 16.0.3

Trust: 1.0

vendor: oracle, model: retail bulk data integration, scope: eq, version: 19.0.1

Trust: 1.0

vendor: oracle, model: retail returns management, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 19.0.1.0

Trust: 1.0

vendor: oracle, model: retail replenishment optimization, scope: eq, version: 15.0.3

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.0.3

Trust: 1.0

vendor: oracle, model: retail advanced inventory planning, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail assortment planning, scope: eq, version: 15.0.3

Trust: 1.0

vendor: oracle, model: banking liquidity management, scope: lte, version: 14.4.0

Trust: 1.0

vendor: oracle, model: flexcube investor servicing, scope: eq, version: 12.3.0

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: communications metasolv solution, scope: eq, version: 6.3.0

Trust: 1.0

vendor: oracle, model: retail size profile optimization, scope: eq, version: 16.0.3

Trust: 1.0

vendor: oracle, model: banking platform, scope: gte, version: 2.4.0

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: lte, version: 16.2.11

Trust: 1.0

vendor: oracle, model: data integrator, scope: eq, version: 12.2.1.4.0

Trust: 1.0

vendor: apache, model: ant, scope: eq, version: 1.1 to 1.9.14

Trust: 0.8

vendor: apache, model: ant, scope: eq, version: 1.10.0 to 1.10.7

Trust: 0.8

vendor: canonical, model: ubuntu, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005528 // NVD: CVE-2020-1945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1945
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005528
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-777
value: MEDIUM

Trust: 0.6

VULHUB: VHN-172829
value: LOW

Trust: 0.1

VULMON: CVE-2020-1945
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1945
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005528
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-172829
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1945
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005528
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-172829 // VULMON: CVE-2020-1945 // JVNDB: JVNDB-2020-005528 // CNNVD: CNNVD-202005-777 // NVD: CVE-2020-1945

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-172829 // JVNDB: JVNDB-2020-005528 // NVD: CVE-2020-1945

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 158600 // CNNVD: CNNVD-202005-777

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202005-777

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005528

PATCH

title: [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945
url: https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E

Trust: 0.8

title: [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945
url: https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E

Trust: 0.8

title: [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT
url: https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E

Trust: 0.8

title: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability
url: https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E

Trust: 0.8

title: [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT
url: https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E

Trust: 0.8

title: [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT
url: https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E

Trust: 0.8

title: [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT
url: https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E

Trust: 0.8

title: USN-4380-1
url: https://usn.ubuntu.com/4380-1/

Trust: 0.8

title: Apache Ant Repair measures for information disclosure vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=120777

Trust: 0.6

title: Ubuntu Security Notice: Apache Ant vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4380-1

Trust: 0.1

title: Debian CVElist Bug Report Logs: ant: CVE-2020-1945
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2f2bfe313c011b85e70b7511f52afaa3

Trust: 0.1

title: Debian CVElist Bug Report Logs: ant: CVE-2020-11979
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2a449f8fc892d50c69e07a3668964924

Trust: 0.1

title: Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204960 - Security Advisory

Trust: 0.1

title: IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7b1cd05975d43c37f2d60c4fff131c25

Trust: 0.1

title: Arch Linux Advisories: [ASA-202005-15] ant: arbitrary command execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-15

Trust: 0.1

title: Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204961 - Security Advisory

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-1945 log

Trust: 0.1

title: IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=141b2e54160a76a0f41beef4db28270e

Trust: 0.1

title: Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202012-5

Trust: 0.1

title: Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210423 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2020-1945 // JVNDB: JVNDB-2020-005528 // CNNVD: CNNVD-202005-777

EXTERNAL IDS

db: NVD, id: CVE-2020-1945

Trust: 3.4

db: OPENWALL, id: OSS-SECURITY/2020/09/30/6

Trust: 1.8

db: OPENWALL, id: OSS-SECURITY/2020/12/06/1

Trust: 1.8

db: PACKETSTORM, id: 157902

Trust: 0.8

db: PACKETSTORM, id: 161454

Trust: 0.8

db: PACKETSTORM, id: 158600

Trust: 0.8

db: PACKETSTORM, id: 159921

Trust: 0.8

db: PACKETSTORM, id: 161644

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005528

Trust: 0.8

db: CNNVD, id: CNNVD-202005-777

Trust: 0.7

db: PACKETSTORM, id: 158150

Trust: 0.7

db: AUSCERT, id: ESB-2020.1680

Trust: 0.6

db: AUSCERT, id: ESB-2021.0771

Trust: 0.6

db: AUSCERT, id: ESB-2020.1915

Trust: 0.6

db: AUSCERT, id: ESB-2021.0599

Trust: 0.6

db: AUSCERT, id: ESB-2020.3894

Trust: 0.6

db: AUSCERT, id: ESB-2022.6025

Trust: 0.6

db: AUSCERT, id: ESB-2020.2139

Trust: 0.6

db: AUSCERT, id: ESB-2020.2472

Trust: 0.6

db: AUSCERT, id: ESB-2020.3485

Trust: 0.6

db: AUSCERT, id: ESB-2023.1653

Trust: 0.6

db: CS-HELP, id: SB2021042552

Trust: 0.6

db: CS-HELP, id: SB2021072748

Trust: 0.6

db: PACKETSTORM, id: 161647

Trust: 0.2

db: PACKETSTORM, id: 159924

Trust: 0.2

db: CNVD, id: CNVD-2020-46282

Trust: 0.1

db: VULHUB, id: VHN-172829

Trust: 0.1

db: VULMON, id: CVE-2020-1945

Trust: 0.1

sources: VULHUB: VHN-172829 // VULMON: CVE-2020-1945 // JVNDB: JVNDB-2020-005528 // PACKETSTORM: 157902 // PACKETSTORM: 159924 // PACKETSTORM: 158150 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 159921 // PACKETSTORM: 161647 // PACKETSTORM: 158600 // CNNVD: CNNVD-202005-777 // NVD: CVE-2020-1945

REFERENCES

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1945

Trust: 2.2

url:https://security.gentoo.org/glsa/202007-34

Trust: 1.9

url:https://usn.ubuntu.com/4380-1/

Trust: 1.9

url:https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3cdev.ant.apache.org%3e

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2020/09/30/6

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2020/12/06/1

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3ccommits.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cusers.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3cdev.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/

Trust: 1.0

url:https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cdev.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3ccommits.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/

Trust: 1.0

url:https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3ccommits.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3ccommits.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3ctorque-dev.db.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3cissues.hive.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3cuser.ant.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/

Trust: 0.8

url:https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3cannounce.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cannounce.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3cdev.ant.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3cuser.ant.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3ccommits.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3ccommits.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3ctorque-dev.db.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cdev.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cusers.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3cdev.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3cissues.hive.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3ccommits.myfaces.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3ccommits.myfaces.apache.org%3e

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1945

Trust: 0.8

url:https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-1945

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0599

Trust: 0.6

url:https://packetstormsecurity.com/files/157902/ubuntu-security-notice-usn-4380-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-ant-file-corruption-32379

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042552

Trust: 0.6

url:https://packetstormsecurity.com/files/158600/gentoo-linux-security-advisory-202007-34.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3894/

Trust: 0.6

url:https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1680/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2472/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2139/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072748

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1915/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0771

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-platform-symphony-and-ibm-spectrum-symphony/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6025

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affect-ibm-operations-analytics-log-analysis-analysis-cve-2020-1945/

Trust: 0.6

url:https://packetstormsecurity.com/files/158150/red-hat-security-advisory-2020-2618-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3485/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11979

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-11979

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-2875

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2934

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2933

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2875

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-2934

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-2933

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1748

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1954

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1748

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21607

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21606

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21608

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21609

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21608

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21611

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21605

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21607

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21605

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21609

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21604

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21604

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21606

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21611

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ant/1.10.6-1ubuntu0.1

Trust: 0.1

url:https://usn.ubuntu.com/4380-1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4961

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/products/red-hat-amq#streams

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.streams&downloadtype=distributions&version=1.5.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0429

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0428

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0423

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:0424

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.9.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2306

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2306

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:0638

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2309

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2309

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0637

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2304

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25658

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

sources: VULHUB: VHN-172829 // VULMON: CVE-2020-1945 // JVNDB: JVNDB-2020-005528 // PACKETSTORM: 157902 // PACKETSTORM: 159924 // PACKETSTORM: 158150 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 159921 // PACKETSTORM: 161647 // PACKETSTORM: 158600 // CNNVD: CNNVD-202005-777 // NVD: CVE-2020-1945

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 159924 // PACKETSTORM: 158150 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 159921 // PACKETSTORM: 161647 // CNNVD: CNNVD-202005-777

SOURCES

db: VULHUB, id: VHN-172829
db: VULMON, id: CVE-2020-1945
db: JVNDB, id: JVNDB-2020-005528
db: PACKETSTORM, id: 157902
db: PACKETSTORM, id: 159924
db: PACKETSTORM, id: 158150
db: PACKETSTORM, id: 161644
db: PACKETSTORM, id: 161454
db: PACKETSTORM, id: 159921
db: PACKETSTORM, id: 161647
db: PACKETSTORM, id: 158600
db: CNNVD, id: CNNVD-202005-777
db: NVD, id: CVE-2020-1945

LAST UPDATE DATE

2024-12-21T20:34:19.197000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-172829, date: 2022-04-04T00:00:00
db: VULMON, id: CVE-2020-1945, date: 2021-04-19T00:00:00
db: JVNDB, id: JVNDB-2020-005528, date: 2020-06-17T00:00:00
db: CNNVD, id: CNNVD-202005-777, date: 2023-03-21T00:00:00
db: NVD, id: CVE-2020-1945, date: 2024-11-21T05:11:42.183

SOURCES RELEASE DATE

db: VULHUB, id: VHN-172829, date: 2020-05-14T00:00:00
db: VULMON, id: CVE-2020-1945, date: 2020-05-14T00:00:00
db: JVNDB, id: JVNDB-2020-005528, date: 2020-06-17T00:00:00
db: PACKETSTORM, id: 157902, date: 2020-06-02T14:34:18
db: PACKETSTORM, id: 159924, date: 2020-11-06T15:18:46
db: PACKETSTORM, id: 158150, date: 2020-06-19T16:45:29
db: PACKETSTORM, id: 161644, date: 2021-03-03T15:53:12
db: PACKETSTORM, id: 161454, date: 2021-02-18T14:14:45
db: PACKETSTORM, id: 159921, date: 2020-11-06T15:06:03
db: PACKETSTORM, id: 161647, date: 2021-03-03T15:53:58
db: PACKETSTORM, id: 158600, date: 2020-07-27T18:34:18
db: CNNVD, id: CNNVD-202005-777, date: 2020-05-14T00:00:00
db: NVD, id: CVE-2020-1945, date: 2020-05-14T16:15:12.767