GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with Rational contains a security vulnerability and ClearQuest has addressed the applicable CVE.
CVEID: CVE-2015-0159**
DESCRIPTION:** An unspecified error in GSKit usage of OpenSSL crypto function related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact in some ECC operations.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100835 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Only ClearQuest 8.0.1 through ClearQuest 8.0.1.6, and ClearQuest 8.0.0.0 through ClearQuest 8.0.0.13 are affected. ClearQuest uses the GSKit for secure LDAP connections and for password generation.
Affected Versions
|
** Applying the fix**
—|—
8.0.1.x
| Install Rational ClearQuest Fix Pack 7 (8.0.1.7)
8.0.0.x
| Install Rational ClearQuest Fix Pack 14 (8.0.0.14)
None