High Severity

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2019-4473, CVE-2019-11771)

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest on the AIX platform. IBM Rational ClearQuest has addressed the applicable CVEs.

Affected Products and Versions

IBM Rational ClearQuest version 9 on AIX in the following components:

  • ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.
  • ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. If you do not use the ClearQuest Eclipse client in this way, then you are not affected.
ClearQuest version
Status
9.0.1 through 9.0.1.8
Affected
9.0 through 9.0.0.6
Affected

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1101867
More High Severity stories

Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics

Jan 5, 2020 8:03 pm EST | High Severity

This Security Bulletin addresses vulnerabilities that have been addressed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2. A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721) A vulnerability has been addressed where the The X-Powered-By attribute is ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform

Jan 5, 2020 7:44 pm EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or Version 8 used by Financial Transaction Manager for Check Services for Multi-Platform (FMT CHK). Financial Transaction Manager for Check Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CHK: v3.0.0.0 – 3.0.0.15, v3.0.2.0 – 3.0.2.1, v3.0.5.0 – 3.0.5.4 Refer ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Jan 5, 2020 7:24 pm EST | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CPS: v3.0.2.0 – 3.0.2.1, v3.2.1.0 Refer to the ...read more