Security Bulletin
Summary
IBM WebSphere Application Server is shipped as a component of ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server (WAS) has been published in a security bulletin.
Vulnerability Details
Subscribe to My Notifications to be notified of important product support alerts like this.
|
Review security bulletin Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114 for vulnerability details.
Affected Products and Versions
|
Affected Product and Version(s) | Product and version shipped as a component |
| 8.0.1.x is not affected | WAS 8.5 media is included as a separate download, and only WAS 8.x is supported. |
| 8.0.0.x (Affected when using WAS 7.x) | WAS 8 media is included as a separate download, but user may still be on WAS 7.x. |
| 7.1.2.x | WAS 6.1.0.25 |
| 7.1.1.x | WAS 6.1.0.25 |
| 7.1.0.x | WAS 6.1.0.15 |
Note: WAS V8.x is not affected, but you may have a choice as to the WAS version used with ClearQuest, so be sure to check which version of WAS is actually installed.
Remediation/Fixes
Review the Remediation/Fixes section in security bulletin Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114 for a solution.
Affected Versions | Applying the fix |
| 7.1.0.x, 7.1.1.x, and 7.1.2.x | Document 1390803 explains how to update WebSphere Application Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix. |
| 8.0.0.x, running with WebSphere Application Server 7 | Apply the WebSphere Application Server fix directly to your ClearQuest CM Servers host. No ClearQuest-specific steps are necessary. |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
* 28 May 2014: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
IBM20140513-1040-44 Advisory DB ID = 1747 PSIRT Record 37501: WebSphere Application Server affected by Struts vulnerability (CVE-2014-0114)
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21673530