Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4E17B4CFEB0800E640EED235504507D40115E287961F61E993303F945E568D16
HistoryOct 03, 2023 - 2:03 p.m.

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase.

2023-10-0314:03:43
www.ibm.com
19
openssl
ibm rational clearcase
vulnerabilities
fix pack
denial of service
certificate verification
vulnerability
policy checking
denial of service
remote attacker
bypass security

0.003 Low

EPSS

Percentile

65.3%

JSON

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. CVE-2023-0466, CVE-2023-0465, CVE-2023-0464, CVE-2023-2650

Vulnerability Details

CVEID:CVE-2023-0466
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509_VERIFY_PARAM_add0_policy function. By using invalid certificate policies, an attacker could exploit this vulnerability to bypass certificate verification.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251307 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-0465
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw when using a non-default option to verify certificates. By using invalid certificate policies in leaf certificates, an attacker could exploit this vulnerability to bypass policy checking.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251293 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-0464
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By creating a specially crafted certificate chain that triggers exponential use of computational resources, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250736 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-2650
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearCase 9.1
IBM Rational ClearCase 9.0.2

Remediation/Fixes

Apply a fix pack as listed in the table below.

Affected Versions

|

Applying the fix

—|—
9.1 through 9.1.0.4| Install Rational ClearCase Fix Pack 5 (9.1.0.5) for 9.1
9.0.2 through 9.0.2.7|

Install Rational ClearCase Fix Pack 8 (9.0.2.8) for 9.0.2

For 9.0.2.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

_For 10.0.0.x releases, IBM recommends upgrading to 10.0.1.x release. _

Workarounds and Mitigations

None

Related

nessus 76
ibm 17
openvas 57
debian 2
amazon 4
osv 6
fedora 2
oraclelinux 2
redhat 6
almalinux 1
rosalinux 1
ubuntu 2
cloudfoundry 1
aix 1
freebsd 3
f5 1
photon 2
cloudlinux 2
broadcom 1
prion 1
alpinelinux 1
cve 1
ubuntucve 1
wolfi 1
cbl_mariner 3
mageia 1
debiancve 1
redhatcve 1
githubexploit 1
nessus
nessus
Debian DSA-5417-1 : openssl - security update
2023-05-31 00:00:00
EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2023-3408)
2024-01-16 00:00:00
Amazon Linux 2 : openssl (ALAS-2023-2073)
2023-06-08 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.
2024-04-18 15:34:44
Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Safer Payments
2023-07-28 13:39:20
Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect IBM® MobileFirst Platform
2023-08-08 10:37:36
openvas
openvas
OpenSSL Multiple Vulnerabilities (20230322, 20230328, 20230530) - Linux
2023-03-23 00:00:00
OpenSSL Multiple Vulnerabilities (20230322, 20230328, 20230530) - Windows
2023-03-23 00:00:00
Debian: Security Advisory (DSA-5417-1)
2023-06-01 00:00:00
debian
debian
[SECURITY] [DSA 5417-1] openssl security update
2023-05-31 14:51:05
[SECURITY] [DLA 3449-1] openssl security update
2023-06-08 16:32:59
amazon
amazon
Medium: openssl
2023-06-05 16:39:00
Medium: openssl
2023-06-05 16:39:00
Medium: openssl11
2023-05-11 17:49:00
osv
osv
openssl - security update
2023-06-08 00:00:00
openssl - security update
2023-05-31 00:00:00
Moderate: openssl security and bug fix update
2023-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: openssl-3.0.9-1.fc37
2023-06-04 01:24:09
[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38
2023-06-03 02:46:16
oraclelinux
oraclelinux
openssl security and bug fix update
2023-06-22 00:00:00
openssl security update
2023-08-31 00:00:00
redhat
redhat
(RHSA-2023:3722) Moderate: openssl security and bug fix update
2023-06-21 13:52:15
(RHSA-2023:7622) Moderate: Red Hat JBoss Web Server 5.7.7 release and security update
2023-12-07 12:13:40
(RHSA-2023:4437) Moderate: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update
2023-08-02 16:06:00
almalinux
almalinux
Moderate: openssl security and bug fix update
2023-06-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2366
2024-03-05 08:46:27
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-04-25 00:00:00
OpenSSL vulnerability
2023-06-22 00:00:00
cloudfoundry
cloudfoundry
USN-6039-1: OpenSSL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-09-11 10:43:54
freebsd
freebsd
Python -- multiple vulnerabilities
2022-06-08 00:00:00
OpenSSL -- Multiple vulnerabilities
2023-03-28 00:00:00
OpenSSL -- Possible DoS translating ASN.1 identifiers
2023-05-30 00:00:00
f5
f5
K000134574 : OpenSSL vulnerabilities CVE-2023-0465 and CVE-2023-0466
2023-05-11 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0034
2023-06-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0594
2023-06-08 00:00:00
cloudlinux
cloudlinux
openssl: Fix of 3 CVEs
2023-05-04 21:42:17
openssl: Fix of CVE-2023-2650
2023-06-20 13:49:26
broadcom
broadcom
Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
2024-04-17 00:00:00
prion
prion
Authentication flaw
2023-05-30 14:15:00
alpinelinux
alpinelinux
CVE-2023-2650
2023-05-30 14:15:09
cve
cve
CVE-2023-2650
2023-05-30 14:15:09
ubuntucve
ubuntucve
CVE-2023-2650
2023-05-30 00:00:00
wolfi
wolfi
CVE-2023-2650 vulnerabilities
2024-05-18 09:07:35
cbl_mariner
cbl_mariner
CVE-2023-2650 affecting package openssl 1.1.1k-15
2023-06-27 21:25:25
CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2023-11-08 02:07:28
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2
2024-05-18 09:07:43
mageia
mageia
Updated openssl packages fix security vulnerability
2023-06-08 22:34:59
debiancve
debiancve
CVE-2023-2650
2023-05-30 14:15:09
redhatcve
redhatcve
CVE-2023-2650
2023-05-30 15:11:50
githubexploit
githubexploit
Exploit for Allocation of Resources Without Limits or Throttling in Openssl
2023-06-05 17:40:59

0.003 Low

EPSS

Percentile

65.3%

JSON
Related for 4E17B4CFEB0800E640EED235504507D40115E287961F61E993303F945E568D16
nessus76ibm17openvas57debian2amazon4osv6fedora2oraclelinux2redhat6almalinux1rosalinux1ubuntu2cloudfoundry1aix1freebsd3f51photon2cloudlinux2broadcom1prion1alpinelinux1cve1ubuntucve1wolfi1cbl_mariner3mageia1debiancve1redhatcve1githubexploit1