IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139)

There are multiple vulnerabilities in IBM® Runtime Environment Java Versions 6, 7, and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2018.

CVE(s): CVE-2018-3180, CVE-2018-3139

Affected product(s) and affected version(s):

IBM Rational ClearCase version 8 and 9 in the following components:

• CCRC WAN server/CM Server component, when configured to use SSL
• ClearCase remote client: CCRC/CTE GUI, rcleartool, and CMAPI clients

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10875314
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139) appeared first on IBM PSIRT Blog.

ClearCase version	Status
9.0.1 through 9.0.1.5	Affected
9.0 through 9.0.0.6	Affected
8.0 through 8.0.0.21	Affected
8.0.1 through 8.0.1.19	Affected

from IBM Product Security Incident Response Team https://ift.tt/2UTlrnK