Low Severity
Security Bulletin: CVE-2018-10886 Ant before version 1.9.12 unzip and untar targets allow the extraction of files outside the target directory.
Nov 12, 2020 7:07 pm EST
The unzip and untar targets in Ant before version 1.9.12 allow the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.
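A pre-extraction check for the condition described above, as an added example that is not part of the bulletin or of Ant's code: it lists zip or tar entries whose resolved destination falls outside the target directory. The function names, the target path /srv/build/out and the sample archives are constructed for illustration.

```python
import io, os, tarfile, zipfile

def escapes(target_dir, entry_name):
    """True if extracting entry_name under target_dir would land outside it."""
    target = os.path.realpath(target_dir)
    # Treat backslashes as separators too, so Windows-style names are caught.
    name = entry_name.replace("\\", "/")
    # join() discards target when name is absolute; realpath() collapses "..".
    dest = os.path.realpath(os.path.join(target, name))
    return os.path.commonpath([target, dest]) != target

def unsafe_entries(archive_bytes, target_dir):
    """Return the entry names in a zip or tar archive that escape target_dir."""
    buf = io.BytesIO(archive_bytes)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf) as tf:
            names = tf.getnames()
    return [n for n in names if escapes(target_dir, n)]

def sample_zip():
    # Constructed sample: one normal entry, one relative traversal entry.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/app.jar", b"constructed")
        zf.writestr("../outside.txt", b"constructed")
    return buf.getvalue()

def sample_tar():
    # Constructed sample: normal, absolute, and nested traversal entries.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "/tmp/absolute.txt", "a/../../outside.txt"):
            data = b"constructed"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in (("zip", sample_zip()), ("tar", sample_tar())):
        print(label, unsafe_entries(blob, "/srv/build/out"))
```

The check covers entry names only; it does not inspect symbolic or hard link entries inside a tar archive.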
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
UCD – IBM UrbanCode Deploy | 6.2.7.4 |
UCD – IBM UrbanCode Deploy | 6.2.7.3 |
UCD – IBM UrbanCode Deploy | 7.0.4.0 |
UCD – IBM UrbanCode Deploy | 7.0.3.0 |
UCD – IBM UrbanCode Deploy | All |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6360841