Low Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

Share this post:

An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.

CVE(s): CVE-2018-0732

Affected product(s) and affected version(s):

IBM Rational ClearCase versions:

Version Status
9.0.1 through 9.0.1.4 Affected
9.0 through 9.0.0.6 Affected
8.0.1 through 8.0.1.18 Affected
8.0 through 8.0.0.21 Affected

Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearCase includes any of these configurations:

  1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
  2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
    Note: Windows clients using the UCM/ClearQuest integration are not vulnerable.
  3. On UNIX/Linux clients, you use the Change Management Integration (CMI), when configured to use SSL to communicate with the server.
    Note: Windows clients using the CMI integration are not vulnerable.
  4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738401
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144658

More stories

Security Bulletin: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2018-1902

Feb 14, 2020 7:00 pm EST | Low Severity

IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure (CVE-2018-1902) ...read more


Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments

Feb 13, 2020 7:00 pm EST | Low Severity

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Digital Payments. Financial Transaction Manager for Digital Payments (FTM DP) has addressed the applicable CVE.If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the "IBM Java SDK Security Bulletin", located in the References section for more information. ...read more


Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents.

Feb 12, 2020 7:00 pm EST | Low Severity

IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents. ...read more