Low Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

Share this post:

An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.

CVE(s): CVE-2018-0732

Affected product(s) and affected version(s):

IBM Rational ClearCase versions:

Version Status
9.0.1 through 9.0.1.4 Affected
9.0 through 9.0.0.6 Affected
8.0.1 through 8.0.1.18 Affected
8.0 through 8.0.0.21 Affected

Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearCase includes any of these configurations:

  1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
  2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
    Note: Windows clients using the UCM/ClearQuest integration are not vulnerable.
  3. On UNIX/Linux clients, you use the Change Management Integration (CMI), when configured to use SSL to communicate with the server.
    Note: Windows clients using the CMI integration are not vulnerable.
  4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738401
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144658

More stories

IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048)

Jun 4, 2019 9:01 am EDT | Low Severity

IBM Maximo Asset Management could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. CVE(s): CVE-2019-4048 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control ...read more


IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018

May 31, 2019 9:00 am EDT | Low Severity

There is a vulnerability in Apache Commons Compress used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version. CVE(s): CVE-2018-11771 Affected product(s) and affected version(s): IBM Cloud App Management V2018.2.0 IBM Cloud App Management V2018.4.0 IBM Cloud App Management V2018.4.1 Refer to the following reference ...read more


IBM Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1902)

May 24, 2019 9:00 am EDT | Low Severity

There is a potential spoofing vulnerability in IBM WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2018-1902 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.17.2 IBM Spectrum Control 5.3.0 – 5.3.2 The versions listed ...read more