CVE-2020-1945

Disclosure Date: May 14, 2020

Description

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree, allowing an attacker to inject modified source files into the build process.

CVSS V3 Severity and Metrics
Base Score: 6.3 Medium
Impact Score: 5.2
Exploitability Score: 1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): None

General Information

Vendors

  • apache,
  • canonical,
  • fedoraproject,
  • opensuse,
  • oracle

Products

  • agile engineering data management 6.2.1.0,
  • ant,
  • banking enterprise collections,
  • banking liquidity management,
  • banking platform,
  • business process management suite 12.2.1.3.0,
  • business process management suite 12.2.1.4.0,
  • category management planning & optimization 15.0.3,
  • communications asap 7.3,
  • communications diameter signaling router,
  • communications metasolv solution 6.3.0,
  • communications order and service management 7.3,
  • communications order and service management 7.4,
  • data integrator 12.2.1.3.0,
  • data integrator 12.2.1.4.0,
  • endeca information discovery studio 3.2.0,
  • enterprise manager ops center 12.4.0.0,
  • enterprise repository 11.1.1.7.0,
  • fedora 31,
  • fedora 32,
  • financial services analytical applications infrastructure,
  • flexcube investor servicing 12.1.0,
  • flexcube investor servicing 12.3.0,
  • flexcube investor servicing 12.4.0,
  • flexcube investor servicing 14.0.0,
  • flexcube investor servicing 14.1.0,
  • flexcube private banking 12.0.0,
  • flexcube private banking 12.1.0,
  • health sciences information manager,
  • leap 15.2,
  • primavera gateway,
  • primavera unifier,
  • primavera unifier 16.1,
  • primavera unifier 16.2,
  • primavera unifier 18.8,
  • primavera unifier 19.12,
  • rapid planning 12.1,
  • rapid planning 12.2,
  • real-time decision server 3.2.1.0,
  • retail advanced inventory planning 14.1,
  • retail advanced inventory planning 15.0,
  • retail advanced inventory planning 16.0,
  • retail assortment planning 15.0.3,
  • retail assortment planning 16.0.3,
  • retail back office 14.0,
  • retail back office 14.1,
  • retail bulk data integration 15.0,
  • retail bulk data integration 16.0,
  • retail bulk data integration 16.0.3.0,
  • retail bulk data integration 19.0.1,
  • retail central office 14.0,
  • retail central office 14.1,
  • retail data extractor for merchandising 1.10,
  • retail data extractor for merchandising 1.9,
  • retail extract transform and load 13.2.5,
  • retail extract transform and load 13.2.8,
  • retail financial integration 14.1.3.2,
  • retail financial integration 15.0,
  • retail financial integration 15.0.4.0,
  • retail financial integration 16.0,
  • retail financial integration 16.0.3.0,
  • retail integration bus 14.1,
  • retail integration bus 14.1.3.2,
  • retail integration bus 15.0,
  • retail integration bus 15.0.4.0,
  • retail integration bus 16.0,
  • retail integration bus 16.0.3.0,
  • retail integration bus 19.0.1.0,
  • retail item planning 15.0.3,
  • retail macro space optimization 15.0.3,
  • retail merchandise financial planning 15.0.3,
  • retail merchandising system 19.0.1,
  • retail point-of-service 14.0,
  • retail point-of-service 14.1,
  • retail point-of-service 15.0,
  • retail point-of-service 16.0,
  • retail predictive application server 14.0.3,
  • retail predictive application server 14.1.3,
  • retail predictive application server 15.0.3,
  • retail predictive application server 16.0.3,
  • retail predictive application server 16.0.3.0,
  • retail regular price optimization 15.0.3,
  • retail regular price optimization 16.0.3,
  • retail replenishment optimization 15.0.3,
  • retail returns management 14.0,
  • retail returns management 14.1,
  • retail service backbone 14.1.3.2,
  • retail service backbone 15.0,
  • retail service backbone 15.0.4.0,
  • retail service backbone 16.0,
  • retail service backbone 16.0.3.0,
  • retail service backbone 19.0.1.0,
  • retail size profile optimization 15.0.3,
  • retail size profile optimization 16.0.3,
  • retail store inventory management 14.0.4,
  • retail store inventory management 14.1,
  • retail store inventory management 14.1.3,
  • retail store inventory management 15.0,
  • retail store inventory management 15.0.3,
  • retail store inventory management 16.0,
  • retail store inventory management 16.0.3,
  • retail xstore point of service 15.0.4,
  • retail xstore point of service 16.0.6,
  • retail xstore point of service 17.0.4,
  • retail xstore point of service 18.0.3,
  • retail xstore point of service 19.0.2,
  • timesten in-memory database,
  • timesten in-memory database 11.2.2.8.49,
  • ubuntu linux 19.10,
  • utilities framework,
  • utilities framework 2.2.0.0.0,
  • utilities framework 4.2.0.2.0,
  • utilities framework 4.2.0.3.0,
  • utilities framework 4.4.0.0.0,
  • utilities framework 4.4.0.2.0
