Low Severity

Security Bulletin: CVE-2018-10886 Ant before version 1.9.12 unzip and untar targets allow the extraction of files outside the target directory.

In Ant before version 1.9.12, the unzip and untar targets allow the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.
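The condition described above can be checked before an archive is handed to a build. The following Python is an added example, not part of the IBM bulletin or of Ant's code: it lists the zip or tar entry names that would resolve outside the extraction directory. The directory `/srv/build/out` and the sample archives are constructed for illustration.

```python
import io
import os
import tarfile
import zipfile

DEST = "/srv/build/out"  # hypothetical extraction directory

def escapes(dest, name):
    """True if entry `name` would be written outside `dest` when extracted."""
    dest = os.path.realpath(dest)
    # Treat backslashes as separators too, so Windows-style names are caught.
    target = os.path.realpath(os.path.join(dest, name.replace("\\", "/")))
    # commonpath compares whole components, so /srv/build/out-evil is not
    # mistaken for a child of /srv/build/out as a startswith() test would.
    return os.path.commonpath([dest, target]) != dest

def unsafe_entries(fileobj, dest=DEST):
    """List entry names in a zip or tar stream that escape `dest`."""
    if zipfile.is_zipfile(fileobj):
        with zipfile.ZipFile(fileobj) as zf:
            names = zf.namelist()
    else:
        fileobj.seek(0)
        with tarfile.open(fileobj=fileobj) as tf:
            names = tf.getnames()
    return [n for n in names if escapes(dest, n)]

def sample_zip():
    """Constructed test archive: one benign entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/app.jar", b"ok")
        zf.writestr("../../home/builder/.profile", b"x")
    return buf

def sample_tar():
    """Constructed test archive: benign, relative-escape and absolute names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("conf/app.properties", "conf/../../outside.txt", "/etc/outside.conf"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
    return buf

if __name__ == "__main__":
    print("zip:", unsafe_entries(sample_zip()))
    print("tar:", unsafe_entries(sample_tar()))
```

Only entry names are inspected and nothing is extracted, so the check can run on untrusted input as a gate in front of the build.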

Affected product(s) and affected version(s):

Affected Product(s)             Version(s)
UCD – IBM UrbanCode Deploy      6.2.7.4
UCD – IBM UrbanCode Deploy      6.2.7.3
UCD – IBM UrbanCode Deploy      7.0.4.0
UCD – IBM UrbanCode Deploy      7.0.3.0
UCD – IBM UrbanCode Deploy      All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6360841
