Jun 26, 2019 9:01 am EDT
Categorized: Medium Severity
Share this post:
An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.
Affected product(s) and affected version(s):
IBM Rational ClearCase versions:
| 9.0.1 through 18.104.22.168
| 9.0 through 22.214.171.124
| 8.0.1 through 126.96.36.199
| 8.0 through 188.8.131.52
Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.
You are vulnerable if your use of Rational ClearCase includes any of these configurations:
- You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
- You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
Note: Windows clients using the UCM/ClearQuest integration are not vulnerable.
- On UNIX/Linux clients, you use the Change Management Integration (CMI), when configured to use SSL to communicate with the server.
Note: Windows clients using the CMI integration are not vulnerable.
- You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514