There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in October 2017.
CVE(s): CVE-2017-10356, CVE-2017-10345
Affected product(s) and affected version(s):
IBM Rational ClearQuest version 9 in the following components:
- ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.
- ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. If you do not use the ClearQuest Eclipse client in this way, then you are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012391
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133774
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-10356, CVE-2017-10345) appeared first on IBM PSIRT Blog.
| ClearQuest version | Status |
| 9.0.1 through 9.0.1.2 | Affected |
| 9.0 through 9.0.0.6 | Affected |
from IBM Product Security Incident Response Team https://ift.tt/2HGq0iH
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.