Lucene search

IBM18D14479FECD4A4798BDB211884D128BF4FC8D9706E0C0390969F2663A34C78A

HistoryAug 19, 2024 - 9:06 a.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-35154)

2024-08-1909:06:54

www.ibm.com

ibm websphere application server

ibm rational clearquest

security bulletin

remote code execution

vulnerability

fixes

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

JSON

Summary

IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Rational ClearQuest	9.1 - 9.1.0.6
IBM Rational ClearQuest	10.0 - 10.0.5

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest.

Principal Product and Version(s)	Affected Supporting Product and Version	Affected Supporting Product Security Bulletin
IBM Rational ClearQuest, versions 9.1 to 9.1.0.6, 10.0 to 10.0.5	IBM WebSphere Application Server versions 8.5 and 9.0.

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

ClearQuest Versions

Applying the fix

—|—
9.1 to 9.1.0.6, 10.0 to 10.0.5| Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest specific steps are necessary.

For 9.0.1.x, 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrational_clearquestMatch8.0.0

ibmrational_clearquestMatch8.0.1

ibmrational_clearquestMatch9.0.0

ibmrational_clearquestMatch9.0.1

ibmrational_clearquestMatch9.0.2

ibmrational_clearquestMatch9.1.0

VendorProductVersionCPE
ibmrational_clearquest8.0.0cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
ibmrational_clearquest8.0.1cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.0cpe:2.3:a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
ibmrational_clearquest9.0.1cpe:2.3:a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.2cpe:2.3:a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*
ibmrational_clearquest9.1.0cpe:2.3:a:ibm:rational_clearquest:9.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_clearquest	8.0.0	cpe:2.3:a:ibm:rational_clearquest:8.0.0:::::::*
ibm	rational_clearquest	8.0.1	cpe:2.3:a:ibm:rational_clearquest:8.0.1:::::::*
ibm	rational_clearquest	9.0.0	cpe:2.3:a:ibm:rational_clearquest:9.0.0:::::::*
ibm	rational_clearquest	9.0.1	cpe:2.3:a:ibm:rational_clearquest:9.0.1:::::::*
ibm	rational_clearquest	9.0.2	cpe:2.3:a:ibm:rational_clearquest:9.0.2:::::::*
ibm	rational_clearquest	9.1.0	cpe:2.3:a:ibm:rational_clearquest:9.1.0:::::::*