History: Jun 21, 2022 - 2:53 p.m.

Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044

2022-06-21 14:53:38
www.ibm.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 55.3%

Summary

CVE-2021-4044, a vulnerability in OpenSSL, affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM).

Vulnerability Details

**CVEID:** CVE-2021-4044
**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by invalid handling of X509_verify_cert() internal errors in libssl. By using a specially crafted certificate chain, an attacker could induce incorrect, application-dependent behaviour and cause a crash or infinite loop.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215348 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| EWM | 7.0.2 |
| EWM | 7.0.1 |
| RTC | 6.0.6.1 |
| EWM | 7.0 |
| RTC | 6.0.6 |

Remediation/Fixes

For the 6.0.6 - 7.0.2 releases:

Upgrade to version 7.0.2 iFix013 or later

IBM Engineering Lifecycle Management 7.0.2 iFix013

IBM Engineering Workflow Management 7.0.2 iFix013

Upgrade to version 7.0.1 iFix017 or later

IBM Engineering Lifecycle Management 7.0.1 iFix017

IBM Engineering Workflow Management 7.0.1 iFix017

Upgrade to version 7.0 iFix015 or later

IBM Engineering Lifecycle Management 7.0 iFix015

IBM Engineering Workflow Management 7.0 iFix015

Upgrade to version 6.0.6.1 iFix025 or later

Rational Collaborative Lifecycle Management 6.0.6.1 iFix025

Rational Team Concert 6.0.6.1 iFix025

Upgrade to version 6.0.6 iFix026 or later

Rational Collaborative Lifecycle Management 6.0.6 iFix026

Rational Team Concert 6.0.6 iFix026

Workarounds and Mitigations

None
