There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Version(s)
|
Affected Product(s)
—|—
7.0, 7.0.1, 7.0.2
|
IBM Engineering Workflow Management
6.0.6, 6.0.6.1
|
Rational Team Concert
This vulnerability affects IBM® Engineering Lifecycle Engineering product mentioned above, which uses IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled.
If the Product is deployed on one of the above versions, Please follow the instruction given in the following article
Link - <https://www.ibm.com/support/pages/node/6841889>
How to update the IBM SDK for Java of Engineering Lifecycle Management products? Please refer below article for more details.
None