Sep 29, 2018 - 6:04 p.m.

Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-0159)

2018-09-29 18:04:03
www.ibm.com

Summary

GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with Rational contains a security vulnerability and ClearQuest has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2015-0159
**DESCRIPTION:** An unspecified error in GSKit usage of OpenSSL crypto function related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact in some ECC operations.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100835 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Only ClearQuest 8.0.1 through ClearQuest 8.0.1.6, and ClearQuest 8.0.0.0 through ClearQuest 8.0.0.13 are affected. ClearQuest uses the GSKit for secure LDAP connections and for password generation.

Remediation/Fixes

Affected Versions | Applying the fix
—|—
8.0.1.x | Install Rational ClearQuest Fix Pack 7 (8.0.1.7)
8.0.0.x | Install Rational ClearQuest Fix Pack 14 (8.0.0.14)

Workarounds and Mitigations

None
