IBMA04FE2EEFC21C3A9305B1CF7463C731D28C17EB5521A8E54F5F564939C5E91E2Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%
Summary
Security vulnerabilities in components used by the following products may affect those products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).
Vulnerability Details
CVEID: CVE-2014-0114 DESCRIPTION: Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to “manipulate” the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
CVSS Base Score: 7.5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92889> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137340> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-5968 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By using two different gadgets that bypass a blocklist, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138088> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139549> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
Rational Collaborative Lifecycle Management 5.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2
Rational Quality Manager 6.0 - 6.0.6
Rational Team Concert 5.0 - 5.0.2
Rational Team Concert 6.0 - 6.0.6
Rational DOORS Next Generation 5.0 - 5.0.2
Rational DOORS Next Generation 6.0 - 6.0.6
Rational Engineering Lifecycle Manager 5.0 - 5.0.2
Rational Engineering Lifecycle Manager 6.0 - 6.0.6
Rational Rhapsody Design Manager 5.0 - 5.0.2
Rational Rhapsody Design Manager 6.0 - 6.0.6
Rational Software Architect Design Manager 5.0 - 5.0.2
Rational Software Architect Design Manager 6.0 - 6.0.1
Remediation/Fixes
For the 6.0 - 6.0.6 releases:
- Upgrade to version 6.0.6 iFix004 or later
- Rational Collaborative Lifecycle Management 6.0.6 iFix004
- Rational DOORS Next Generation 6.0.6 iFix004
- Rational Quality Manager 6.0.6 iFix004
- Rational Team Concert 6.0.6 iFix004
- Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.5 and install server from CLM 6.0.6 iFix004
- Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.5 and install server from CLM 6.0.6 iFix004
- Rational Software Architect Design Manager:_ _Upgrade to version 6.0.5 and install server from CLM 6.0.6 iFix004
- Or upgrade to version 6.0.2 iFix019 or later (Planned publication date within 30 days)
- Rational Collaborative Lifecycle Management 6.0.2 iFix019
- Rational Team Concert 6.0.2 iFix019
- Rational Quality Manager 6.0.2 iFix019
- Rational DOORS Next Generation 6.0.2 iFix019
- Rational Software Architect Design Manager:_ _Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix019
- Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix019
- Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.2 and install server from CLM 6.0.2 iFix019
For the 5.x releases, upgrade to version 5.0.2 iFix28 or later
- Rational Collaborative Lifecycle Management 5.0.2 iFix028
- Rational Team Concert 5.0.2 iFix028
- Rational Quality Manager 5.0.2 iFix028
- Rational DOORS Next Generation 5.0.2 iFix028
- Rational Software Architect Design Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix028
- Rational Rhapsody Design Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix028
- Rational Engineering Lifecycle Manager:_ _Upgrade to version 5.0.2 and install server from CLM 5.0.2 iFix028
For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
If the iFix is not found in the Fix Portal please contact IBM Support.
Workarounds and Mitigations
None
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%