WebSphere Application Server is vulnerable to a denial of service (CVE-2021-38951). This may affect IBM Engineering Products based on IBM Jazz technology.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
| Affected Product(s) | Version(s) |
| --- | --- |
| Rational Quality Manager (RQM) | 6.0.6.1 |
| IBM Engineering Test Management (ETM) | 7.0.1 |
| IBM Engineering Test Management (ETM) | 7.0.2 |
| Rational Quality Manager (RQM) | 6.0.6 |
| IBM Engineering Test Management (ETM) | 7.0.0 |
| IBM Engineering Workflow Management (EWM) | 7.0.2 |
| IBM Engineering Workflow Management (EWM) | 7.0.1 |
| Rational Team Concert (RTC) | 6.0.6.1 |
| IBM Engineering Workflow Management (EWM) | 7.0 |
| Rational Team Concert (RTC) | 6.0.6 |
| Global Configuration Management (GCM) | 6.0.6, 6.0.6.1 |
| Global Configuration Management (GCM) | 7.0, 7.0.1, 7.0.2 |
| Collaborative Lifecycle Management (CLM) | 6.0.6.1 |
| Collaborative Lifecycle Management (CLM) | 6.0.6 |
| Engineering Lifecycle Management (ELM) | 7.0.2 |
| Engineering Lifecycle Management (ELM) | 7.0 |
| Engineering Lifecycle Management (ELM) | 7.0.1 |
| IBM Engineering Requirements Management DOORS Next (DOORS Next) | 7.0.2 |
| IBM Engineering Requirements Management DOORS Next (DOORS Next) | 7.0 |
| IBM Engineering Requirements Management DOORS Next (DOORS Next) | 7.0.1 |
| Rational DOORS Next Generation (RDNG) | 6.0.6.1 |
| Rational DOORS Next Generation (RDNG) | 6.0.6 |
IBM strongly recommends addressing the vulnerability now by taking the steps below:
WebSphere Application Server traditional 9.0, 8.5, 8.0, 7.0 is vulnerable to a denial of service (CVE-2021-38951). If you integrate any of the IBM Jazz Team Server-based products and versions (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2) listed above, you will want to review and apply the following IBM WebSphere Application Server (WAS) remediation guidance.
https://www.ibm.com/support/pages/node/6524674
06 Jan 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.