Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM02C39794B1CE58EEE8C607275FD2B58E5A6893F29970CAF0BE86A2946210B1B7
HistoryJun 25, 2024 - 11:50 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-25026, CVE-2023-50313, CVE-2024-22329)

2024-06-2511:50:47
www.ibm.com
2
ibm
websphere application server
clearcase
security bulletin
vulnerability

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Summary

IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearCase 10.0.0
IBM Rational ClearCase 9.1
IBM DevOps Code ClearCase 11.0

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM DevOps Code ClearCase 11.0.X

IBM Rational ClearCase, versions 10.0.0.x, 9.1.x| IBM WebSphere Application Server versions 8.5 and 9.0.|

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)

ClearCase Versions

|

Applying the fix

—|—
11.0.x, 10.0.0.x, 9.1.x|

  1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or <ccase-home>/common/ccrcprofile), then execute the script: bin/versionInfo.sh (UNIX) or bin\versionInfo.bat (Windows). The output includes a section “IBM WebSphere Application Server”. Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin’s list of vulnerable versions.
  2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.
  3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary.

For 9.0.2.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_clearcaseMatchany
CPENameOperatorVersion
ibm rational clearcaseeqany

Related

ibm 74
cve 3
cvelist 3
nessus 4
nvd 3
cnvd 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights
2024-05-09 10:18:51
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser may affect IBM Storage Protect for Space Management
2024-06-28 08:15:17
Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway
2024-05-17 13:55:31
cve
cve
CVE-2023-50313
2024-04-02 13:15:51
CVE-2024-22329
2024-04-17 02:15:10
CVE-2024-25026
2024-04-25 13:15:51
cvelist
cvelist
CVE-2024-22329 IBM WebSphere Application Server server-side request forgery
2024-04-17 01:21:46
CVE-2023-50313 IBM WebSphere Application Server information disclosure
2024-04-02 12:54:31
CVE-2024-25026 IBM WebSphere Application Server denial of service
2024-04-25 12:16:24
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.4 (7148380)
2024-04-16 00:00:00
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 (7145620)
2024-04-02 00:00:00
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.5 DoS (7149330)
2024-04-25 00:00:00
nvd
nvd
CVE-2023-50313
2024-04-02 13:15:51
CVE-2024-25026
2024-04-25 13:15:51
CVE-2024-22329
2024-04-17 02:15:10
cnvd
cnvd
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability
2024-04-17 00:00:00

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for 02C39794B1CE58EEE8C607275FD2B58E5A6893F29970CAF0BE86A2946210B1B7
ibm74cve3cvelist3nessus4nvd3cnvd1