HIGH🇬🇧 English

CVE-2020-11979

CVSS 7.5v3.1pub. 2020-10-01upd. 2024-11-21

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Apache Ant

    APP
    Apache
    1.10.8
  • Fedora Project Fedora

    OS
    Fedoraproject
    313233
  • Gradle

    APP
    Gradle
    < 6.8.0
  • Oracle Agile Engineering Data Management

    APP
    Oracle
    6.2.1.0
  • Oracle Api Gateway

    APP
    Oracle
    11.1.2.4.0
  • Oracle Banking Platform

    APP
    Oracle
    2.4.02.4.12.6.22.7.02.7.12.8.0
  • Oracle Banking Treasury Management

    APP
    Oracle
    14.4
  • Oracle Communications Unified Inventory Management

    APP
    Oracle
    7.4.07.4.1
  • Oracle Data Integrator

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Endeca Information Discovery Studio

    APP
    Oracle
    3.2.0.0
  • Oracle Enterprise Repository

    APP
    Oracle
    11.1.1.7.0
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.1.08.1.18.0.6 – 8.0.9
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Oracle Primavera Gateway

    APP
    Oracle
    17.12.0 – 17.12.916.2.0 – 16.2.11
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.819.1220.1217.7 – 17.12
  • Oracle Real Time Decision Server

    APP
    Oracle
    11.1.1.9.03.2.0.0
  • Oracle Retail Advanced Inventory Planning

    APP
    Oracle
    14.1
  • Oracle Retail Assortment Planning

    APP
    Oracle
    16.0.3
  • Oracle Retail Category Management Planning \& Optimization

    APP
    Oracle
    16.0.3
  • Oracle Retail Eftlink

    APP
    Oracle
    19.0.120.0.0
  • Oracle Retail Financial Integration

    APP
    Oracle
    14.1.315.0.316.0.3
  • Oracle Retail Integration Bus

    APP
    Oracle
    15.0.3
  • Oracle Retail Item Planning

    APP
    Oracle
    16.0.3
  • Oracle Retail Macro Space Optimization

    APP
    Oracle
    16.0.3
  • Oracle Retail Merchandise Financial Planning

    APP
    Oracle
    16.0.3
  • Oracle Retail Merchandising System

    APP
    Oracle
    14.1.3.216.0.3
  • Oracle Retail Predictive Application Server

    APP
    Oracle
    14.1
  • Oracle Retail Regular Price Optimization

    APP
    Oracle
    16.0.3
  • Oracle Retail Replenishment Optimization

    APP
    Oracle
    16.0.3
  • Oracle Retail Service Backbone

    APP
    Oracle
    14.1.315.0.316.0.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox

CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Integer overflow w Skia w Google Chrome — sandbox escape