Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Rational ClearQuest (CVE-2014-0114)

Created by Naomi Guerrero on
Published URL:
https://www.ibm.com/support/pages/node/510433

Security Bulletin


Summary

IBM WebSphere Application Server is shipped as a component of ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server (WAS) has been published in a security bulletin.

Vulnerability Details

Review the security bulletin "Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114" for vulnerability details.

Affected Products and Versions

| Affected Product and Version(s) | Product and version shipped as a component |
| --- | --- |
| 8.0.1.x is not affected | WAS 8.5 media is included as a separate download, and only WAS 8.x is supported. |
| 8.0.0.x (Affected when using WAS 7.x) | WAS 8 media is included as a separate download, but user may still be on WAS 7.x. |
| 7.1.2.x | WAS 6.1.0.25 |
| 7.1.1.x | WAS 6.1.0.25 |
| 7.1.0.x | WAS 6.1.0.15 |

Note: WAS V8.x is not affected, but you may have a choice as to the WAS version used with ClearQuest, so be sure to check which version of WAS is actually installed.

Remediation/Fixes

Review the Remediation/Fixes section in the security bulletin "Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114" for a solution.

| Affected Versions | Applying the fix |
| --- | --- |
| 7.1.0.x, 7.1.1.x, and 7.1.2.x | Document 1390803 explains how to update WebSphere Application Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix. |
| 8.0.0.x, running with WebSphere Application Server 7 | Apply the WebSphere Application Server fix directly to your ClearQuest CM Servers host. No ClearQuest-specific steps are necessary. |

Workarounds and Mitigations

None

References

Acknowledgement

None

Change History

* 28 May 2014: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

IBM20140513-1040-44 Advisory DB ID = 1747 PSIRT Record 37501: WebSphere Application Server affected by Struts vulnerability (CVE-2014-0114)

Document Information

Modified date:
16 June 2018

UID

swg21673530