History: Jul 10, 2018 - 8:34 a.m.

Security Bulletin: Vulnerabilities in ClearCase OpenSSL Component (CVE-2013-4353, CVE-2013-6450, CVE-2013-6449)

2018-07-10 08:34:12
www.ibm.com
CVSS2: 5.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Summary

A security advisory has been issued for the OpenSSL component shipped as part of IBM Rational ClearCase. This component is used to make SSL connections in the base CC/CQ integration and in user Perl modules. On UNIX/Linux platforms, OpenSSL can also be used by the UCM/CQ integration.

Vulnerability Details

CVE ID: CVE-2013-4353

Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90201
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-6450

Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90069 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-6449

Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90068 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Rational ClearCase versions 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.12, 8.0.0 through 8.0.0.9, and 8.0.1 through 8.0.1.2
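
For triaging an inventory against the ranges above, the following is an added example and not part of the IBM bulletin. The function names, host names and sample versions are hypothetical, and it assumes a short version such as 7.1.2 means 7.1.2.0.

```python
import re

# Ranges transcribed from "Affected Products and Versions" in this bulletin.
AFFECTED_RANGES = [
    ("7.1.1", "7.1.1.9"),
    ("7.1.2", "7.1.2.12"),
    ("8.0.0", "8.0.0.9"),
    ("8.0.1", "8.0.1.2"),
]

def parse_version(text, width=4):
    """Turn '8.0.0.10' into (8, 0, 0, 10); pad short forms (assumption)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,%d}" % (width - 1), text):
        raise ValueError("not a dotted numeric version: %r" % text)
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def affected_range(version):
    """Return the (low, high) bulletin range containing version, or None."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        # Integer tuples compare numerically, so 8.0.0.10 sorts after 8.0.0.9.
        # A plain string comparison would wrongly place it inside the range.
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None

def triage(inventory):
    """Map host -> 'affected', 'not listed' or 'unparsed'."""
    report = {}
    for host, version in sorted(inventory.items()):
        try:
            hit = affected_range(version)
        except ValueError:
            report[host] = "unparsed"   # needs a manual look, never a silent pass
            continue
        # 'not listed' only means outside the bulletin's ranges, not 'fixed'.
        report[host] = "affected" if hit else "not listed"
    return report

if __name__ == "__main__":
    # Constructed inventory; hosts and versions are sample data.
    sample = {"vob-srv-01": "8.0.0.9", "view-srv-02": "8.0.0.10",
              "build-03": "7.1.2", "legacy-04": "7.0.1", "odd-05": "8.0.1-beta"}
    for host, verdict in triage(sample).items():
        print(host, verdict)
```
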

Remediation/Fixes

The solution is to upgrade to a fix pack of ClearCase that has a newer OpenSSL component (version 1.0.1f) that corrects these vulnerabilities. Please see below for information on the fixes available.

Workarounds and Mitigations

None
