Jul 07, 2022 - 6:37 a.m.

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2021-39038, CVE-2021-23450) may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

2022-07-07 06:37:48
www.ibm.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.01 Low
Percentile: 83.5%

Summary

IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology may integrate with IBM WebSphere Application Server Liberty (WAS Liberty). Please review the following WAS Liberty bulletins covering CVE-2021-39038 and CVE-2021-23450, and take corrective actions.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Version(s) affected: 6.0.6, 6.0.6.1
Affected Product(s):
  Collaborative Lifecycle Management (CLM)
  Global Configuration Management (GCM)
  IBM Jazz Reporting Service (JRS)
  Rational DOORS Next Generation (RDNG)
  Rational Quality Manager (RQM)
  Rational Team Concert (RTC)

Version(s) affected: 7.0, 7.0.1, 7.0.2
Affected Product(s):
  Engineering Lifecycle Management (ELM)
  IBM Engineering Requirements Management DOORS Next (DNG)
  IBM Engineering Test Management (ETM)
  IBM Engineering Workflow Management (EWM)
  Global Configuration Management (GCM)
  IBM Jazz Reporting Service (JRS)

Remediation/Fixes

There are multiple vulnerabilities in IBM WebSphere Application Server Liberty, which may be optionally installed with the IBM Jazz Team Server-based products listed above. If you have installed IBM WebSphere Application Server Liberty, review the links below and apply the following remediation guidance.

Start by reviewing the following bulletins for upgrading Liberty to a supported version

Next, review the following security bulletins to further patch your Liberty installation

WAS Liberty Security bulletins:

Workarounds and Mitigations

None
