Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)

Share this post:

An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.

CVE(s): CVE-2019-1559

Affected product(s) and affected version(s):

IBM Rational ClearCase versions:

Version Status
9.0.1 through 9.0.1.7 Affected
9.0 through 9.0.0.6 Affected
8.0.1 through 8.0.1.21 Affected
8.0 through 8.0.0.21 Affected

Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearCase includes any of these configurations:

  1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
  2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
    Note: Windows clients using the UCM/ClearQuest integration are not vulnerable.
  3. On UNIX/Linux clients, you use the Change Management Integration (CMI), when configured to use SSL to communicate with the server.
    Note: Windows clients using the CMI integration are not vulnerable.
  4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514

More stories

IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735)

Jul 21, 2019 9:00 am EDT | Medium Severity

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerabilities 3 issues for OpenSSL: 2 for a denial of service and 1 for an error while parsing an IPAdressFamily extension in an X.509 certificate. CVE(s): CVE-2018-0732, CVE-2018-0739, CVE-2017-3735 Affected product(s) and affected version(s):IBM Security Identity Governance and ...read more


IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246)

Jul 20, 2019 9:01 am EDT | Medium Severity

A Security Vulnerability affects IBM Cloud Private – Kubernetes (CVE-2019-11246) CVE(s): CVE-2019-11246 Affected product(s) and affected version(s):IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10957893X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162892 ...read more


IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246)

Jul 19, 2019 9:02 am EDT | Medium Severity

There are multiple vulnerabilities in Eclipse Jetty used by Netcool Agile Service Manager. Netcool Agile Service Manager has addressed the applicable CVEs. CVE(s): CVE-2019-10247, CVE-2019-10246 Affected product(s) and affected version(s):Netcool Agile Service Manager 1.1.3 – 1.1.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10887913X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160610X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160611 ...read more