Security Bulletin: Multiple vulnerabilities in the GSKit builds affect IBM Rational ClearQuest

Published: 2023-10-04 07:22:11
Source: www.ibm.com
Tags: ibm rational clearquest, gskit, vulnerabilities, java virtual machine, websphere, fixes

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low (percentile 43.0%)

Summary

There are multiple vulnerabilities in GSKit, which is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2023-33850
**DESCRIPTION:** IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-32342
**DESCRIPTION:** IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.
CVSS Base score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/255828 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Rational ClearQuest | 9.0.2 |
| IBM Rational ClearQuest | 9.1 |
| IBM Rational ClearQuest | 10.0 |

Remediation/Fixes

The solution is to install a fix that includes an updated Java™ Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS).

ClearQuest Eclipse Clients

Apply the relevant fixes as listed in the table below.

| Affected Versions | Applying the fix |
|---|---|
| 9.0.2 through 9.0.2.7 | Install Rational ClearQuest Fix Pack 8 (9.0.2.8) for 9.0.2 |
| 9.1 through 9.1.0.4 | Install Rational ClearQuest Fix Pack 5 (9.1.0.5) for 9.1 |
| 10.0 through 10.0.2 | Install Rational ClearQuest Fix Pack 3 (10.0.3) for 10.0 |

For 9.0.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations (Vulners node)

ibm rational_clearquest: match 9.0.0 OR match 9.0.1 OR match 9.0.2
