Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

Summary

IBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest.

Security Bulletin: IBM WebSphere Application Server traditional is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

ClearQuest Versions

|

Applying the fix

—|—
9.0.1.x, 9.0.2.x, 9.1.x, 10.0.x| Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest-specific steps are necessary.

For 9.0.0.x, 8.0.1.x, 8.0.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None