5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
The OpenSSL component shipped as a part of IBM Rational ClearCase has issued a security advisory. This component is used in making SSL connections in the base CC/CQ integration and in making SSL connections via user Perl modules. On the UNIX/Linux platforms, OpenSSL can also be used by the UCM/CQ integration.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID:CVE-2013-4353
Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html** **
CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90201> *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE ID:CVE-2013-6450
Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90069> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE ID:CVE-2013-6449
Description:
This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/vulnerabilities.html** **
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90068> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
IBM Rational ClearCase versions 7.1.1 through 7.1.1.9, 7.1.2 through** **7.1.2.12, 8.0.0 through 8.0.0.9, and 8.0.1 through 8.0.1.2
The solution is to upgrade to a fix pack of ClearCase that has a newer OpenSSL component (version 1.0.1f) that corrects these vulnerabilities. Please see below for information on the fixes available.
Systems running 7.1.0, 7.1.1: upgrade to Rational ClearCase Fix Pack 13 (7.1.2.13) for 7.1.2.
Note: 7.1.2.13 inter-operates with all 7.1.1.x systems, and can be installed in the same way as 7.1.1.x fix packs.
None