Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC8BF745A99105A3CA7DABFE284E8C7387740AFCCEAF5A6E298CB2FB23C2B1211
HistoryFeb 23, 2021 - 1:41 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2020-4949, CVE-2021-20353, CVE-2021-20354)

2021-02-2313:41:08
www.ibm.com
6
ibm rational clearcase
websphere application server
security bulletin
vulnerabilities
fixes
xml external entity
directory traversal

EPSS

0.012

Percentile

85.6%

JSON

Summary

IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Rational ClearCase 8.0.0
IBM Rational ClearCase 9.0
IBM Rational ClearCase 9.0.1
IBM Rational ClearCase 9.1
IBM Rational ClearCase 9.0.2
IBM Rational ClearCase 8.0.1

Remediation/Fixes

Refer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x, 9.1.x IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949)

Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)

Security Bulletin: WebSphere Application Server is vulnerable to a directory traversal vulnerability (CVE-2021-20354)

ClearCase Versions

|

Applying the fix

โ€”|โ€”
8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x, 9.1.x|

  1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or <ccase-home>/common/ccrcprofile), then execute the script: bin/versionInfo.sh (UNIX) or bin\versionInfo.bat (Windows). The output includes a section โ€œIBM WebSphere Application Serverโ€. Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletinโ€™s list of vulnerable versions.
  2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.
  3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary.

For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Related

ibm 81
nvd 3
cvelist 3
cve 3
zdi 1
prion 3
nessus 3
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest
2021-09-29 12:48:28
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
2022-12-30 17:31:59
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2021-20353)
2021-02-24 05:21:58
nvd
nvd
CVE-2021-20354
2021-02-18 15:15:14
CVE-2021-20353
2021-02-10 17:15:22
CVE-2020-4949
2021-01-26 15:15:13
cvelist
cvelist
CVE-2021-20354
2021-02-17 00:00:00
CVE-2021-20353
2021-02-10 17:00:19
CVE-2020-4949
2021-01-25 00:00:00
cve
cve
CVE-2021-20354
2021-02-18 15:15:14
CVE-2021-20353
2021-02-10 17:15:22
CVE-2020-4949
2021-01-26 15:15:13
zdi
zdi
IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability
2021-02-10 00:00:00
prion
prion
Xxe
2021-02-10 17:15:00
Design/Logic Flaw
2021-02-18 15:15:00
Xxe
2021-01-26 15:15:00
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.19 / 9.0.x <= 9.0.5.6 XXE (6413709)
2021-02-25 00:00:00
IBM WebSphere Application Server 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.19 / 9.0.0.0 <= 9.0.5.6 Directory Traversal (CVE-2021-20354)
2021-02-25 00:00:00
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.18 / 9.0.x <= 9.0.5.6 XXE (6408244)
2021-01-28 00:00:00

EPSS

0.012

Percentile

85.6%

JSON
Related for C8BF745A99105A3CA7DABFE284E8C7387740AFCCEAF5A6E298CB2FB23C2B1211
ibm81nvd3cvelist3cve3zdi1prion3nessus3