Lucene search

K
ibmIBMB6C5B04D2505322C9C9B0832B85A6B1382F4C39E009A0D419652A4E6303ECC97
HistoryMar 03, 2023 - 6:30 a.m.

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

2023-03-0306:30:57
www.ibm.com
32
ibm
rational clearcase
http server
vulnerabilities
security bulletin
websphere application server
fixes
apache http server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.077

Percentile

94.3%

Summary

IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearCase 10.0.0
IBM Rational ClearCase 9.1
IBM Rational ClearCase 9.0.2

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin

IBM Rational ClearCase, versions 10.0.x, 9.1.x, 9.0.2.x

|

IBM HTTP Server version 9.0, 8.5

|

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

ClearCase Versions

|

Applying the fix

—|—
10.0.x, 9.1.x, 9.0.2.x| Apply the appropriate IBM HTTP Server fix (see bulletin link above) directly to your CCRC WAN server host. No ClearCase-specific steps are necessary.

For 9.0.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_clearcaseMatchany

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.077

Percentile

94.3%