IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2016-2107)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs.

CVE(s): CVE-2016-2107

Affected product(s) and affected version(s):

IBM Rational ClearQuest versions:

Not all deployments of Rational ClearQuest use OpenSSL in a way that is affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearQuest includes any of these configurations:

  1. You use SSL connections in perl scripts run by ratlperl or cqperl, or by ClearQuest hooks. In this situation, you should review all the fixes provided by the OpenSSL project to see which ones apply to your use of OpenSSL. See the references link below.
  2. You integrate with ClearCase. See Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2016-2107)
  3. You connect to a ClearQuest database using SSL.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ccJarU
X-Force Database: http://ift.tt/1NwOQz5

VersionStatus
9.0 through 9.0.0.01Affected
8.0.1 through 8.0.1.10Affected
8.0 through 8.0.0.17Affected
7.1.0.x, 7.1.1.x, 7.1.2.x (all versions)Affected


from IBM Product Security Incident Response Team http://ift.tt/2ccIEdf