Sep 29, 2018 - 6:04 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server (WAS) shipped with IBM Rational ClearQuest (CVE-2016-3426, CVE-2016-3427)

2018-09-29 18:04:03
www.ibm.com

CVSS3: 9 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 10 High

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

IBM WebSphere Application Server is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the bulletin “Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)” for vulnerability details and information about fixes.

Affected Products and Versions

IBM Rational ClearQuest, CQ Web Server, FTS Server, report launcher component.

Versions 8.0.0.x, 8.0.1.x, 9.0.0.x

Versions 7.1.x.x

Remediation/Fixes

Review the security bulletin referenced above and apply the relevant fixes to your WAS installation used for ClearQuest.

| Affected Versions | Applying the fix |
|---|---|
| 7.1.0.x, 7.1.1.x, and 7.1.2.x | Document 1390803 explains how to update WebSphere Application Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix. |
| 8.0.0.x, 8.0.1.x, 9.0.0.x | Apply the appropriate WebSphere Application Server fix directly to your ClearQuest server host. No ClearQuest-specific steps are necessary. |

For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
