There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Engineering Lifecycle Management , Collaborative Lifecycle Management, IBM Engineering Requirements Management DOORS Next, Jazz Foundation, Global Configuration Management
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Version(s) | Affected Product(s) |
---|---|
All | Global Configuration Management |
6.0.6, 6.0.6.1 | Rational DOORS Next Generation |
Collaborative Lifecycle Management | |
7, 7.0.1, 7.0.2 | IBM Engineering Requirements Management DOORS Next |
Engineering Lifecycle Management |
This vulnerability affects IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled.
If the Product is deployed on one of the above versions, Please follow the instruction given in the following article
Link - <https://www.ibm.com/support/pages/node/6841889>
None