IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2016-7055, CVE-2017-3731)
OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.
CVE(s): CVE-2017-3731, CVE-2016-7055
Affected product(s) and affected version(s):
IBM Rational ClearCase versions:
Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.
You are vulnerable if your use of Rational ClearCase includes any of these configurations:
- You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
- You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
Note: Windows clients using the UCM/ClearQuest integration are not vulnerable. - On UNIX/Linux clients, you use the Change Management Integration (CMI) when configured to use SSL to communicate with the server (ClearQuest or Rational Team Concert (RTC) or Jira).
Note: Windows clients using the CMI integration are not vulnerable. - You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xngHOo
X-Force Database: http://ift.tt/2knsB3D
X-Force Database: http://ift.tt/2hjUUfeThe post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2016-7055, CVE-2017-3731) appeared first on IBM PSIRT Blog.
| Version | Status |
| 9.0.1, 9.0.1.1 | Not Affected |
| 9.0 through 9.0.0.4 | Affected |
| 8.0.1 through 8.0.1.14 | Affected |
| 8.0 through 8.0.0.21 | Affected |
| 7.1.2 through 7.1.2.19 (all fix packs) | Affected |
from IBM Product Security Incident Response Team http://ift.tt/2fkuRpF