Lucene search

K
ibmIBM6BE76E6593112B4CC1EC73FC4322997218965DAB53DE8D42456F751E52A95BCE
HistoryDec 22, 2021 - 3:42 p.m.

Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2021-22924)

2021-12-2215:42:57
www.ibm.com
22

EPSS

0.002

Percentile

53.6%

Summary

libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-22924
**DESCRIPTION:**An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearCase 8.0.0
IBM Rational ClearCase 9.0
IBM Rational ClearCase 9.0.1
IBM Rational ClearCase 9.1
IBM Rational ClearCase 9.0.2
IBM Rational ClearCase 8.0.1

Remediation/Fixes

Apply a fix pack as listed in the table below. The fix pack includes libcURL 7.79.1**.**

Affected Versions

|

Applying the fix

—|—
9.1 through 9.1.0.2| Install Rational ClearCase Fix Pack 2 (9.1.0.2) for 9.1
9.0.2 through 9.0.2.5| Install Rational ClearCase Fix Pack 5 (9.0.2.5) for 9.0.2

9.0.1 through 9.0.1.13
9.0 through 9.0.0.6

| Install Rational ClearCase Fix Pack 13 (9.0.1.13) for 9.0.1

Workarounds and Mitigations

None