There are multiple vulnerabilities in IBM® Runtime Environment Java Versions 6, 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in October 2018.
CVE(s): CVE-2018-3180
Affected product(s) and affected version(s):
IBM Rational ClearQuest version 8 and 9 in the following components:
- ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.
- ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. If you do not use the ClearQuest Eclipse client in this way, then you are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10875398
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
The post IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180) appeared first on IBM PSIRT Blog.
ClearQuest version | Status |
9.0.1 through 9.0.1.5 | Affected |
9.0 through 9.0.0.6 | Affected |
8.0 through 8.0.0.21 | Affected |
8.0.1 through 8.0.1.19 | Affected |
from IBM Product Security Incident Response Team https://ift.tt/2UWdGNF
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.