IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s):
IBM Rational ClearQuest, versions 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1 and 9.0 in the following components:
- ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.
- ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. If you do not use the ClearQuest Eclipse client in this way, then you are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fkib1M
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2dR3VyC
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549) appeared first on IBM PSIRT Blog.
| ClearQuest version | Status |
| 9.0.1, 9.0.1.1 | Not Affected |
| 9.0 through 9.0.0.4 | Affected |
| 8.0.1 through 8.0.1.14 | Affected |
| 8.0 through 8.0.0.21 | Affected |
| 7.1.2 through 7.1.2.19 (all fix packs) | Affected |
from IBM Product Security Incident Response Team http://ift.tt/2xn7hCn