Lucene search

IBM83348CB225156E718F106E0B999C90FF888952B2A119B117EB6628D0B8B50D9D

HistoryMay 01, 2024 - 10:14 a.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-25026)

2024-05-0110:14:49

www.ibm.com

ibm websphere application server

ibm rational clearquest

security vulnerability

denial of service

fixes

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

Summary

IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Rational ClearQuest	9.1 - 9.1.0.6
IBM Rational ClearQuest	10.0 - 10.0.5

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is used by IBM Rational ClearQuest.

Principal Product and Version(s)	Affected Supporting Product and Version	Affected Supporting Product Security Bulletin
IBM Rational ClearQuest, versions 9.1 to 9.1.0.6, 10.0 to 10.0.5	IBM WebSphere Application Server versions 8.5 and 9.0.

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)

ClearQuest Versions

Applying the fix

—|—
9.1 to 9.1.0.6, 10.0 to 10.0.5| Apply the appropriate IBM WebSphere Application Server fix (see bulletin link above) directly to your CM server host. No ClearQuest specific steps are necessary.

For 9.0.1.x, 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrational_clearquestMatch8.0.0

ibmrational_clearquestMatch8.0.1

ibmrational_clearquestMatch9.0.0

ibmrational_clearquestMatch9.0.1

ibmrational_clearquestMatch9.0.2

ibmrational_clearquestMatch9.1.0

VendorProductVersionCPE
ibmrational_clearquest8.0.0cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
ibmrational_clearquest8.0.1cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.0cpe:2.3:a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
ibmrational_clearquest9.0.1cpe:2.3:a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.2cpe:2.3:a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*
ibmrational_clearquest9.1.0cpe:2.3:a:ibm:rational_clearquest:9.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_clearquest	8.0.0	cpe:2.3:a:ibm:rational_clearquest:8.0.0:::::::*
ibm	rational_clearquest	8.0.1	cpe:2.3:a:ibm:rational_clearquest:8.0.1:::::::*
ibm	rational_clearquest	9.0.0	cpe:2.3:a:ibm:rational_clearquest:9.0.0:::::::*
ibm	rational_clearquest	9.0.1	cpe:2.3:a:ibm:rational_clearquest:9.0.1:::::::*
ibm	rational_clearquest	9.0.2	cpe:2.3:a:ibm:rational_clearquest:9.0.2:::::::*
ibm	rational_clearquest	9.1.0	cpe:2.3:a:ibm:rational_clearquest:9.1.0:::::::*