Lucene search

K
ibmIBME2381A6E18E2453CE7B305652CBC894FB1DA5C1F14445C38A8D61EB54D2C9A96
HistoryDec 23, 2022 - 3:14 p.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )

2022-12-2315:14:06
www.ibm.com
4

Summary

All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, BM Jazz Reporting Service , IBM Engineering Requirements Management DOORS Next, IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization - Publishing, IBM Engineering Lifecycle Optimization - Engineering Insights, Global Configuration Management, Rational Team Concert, Rational Engineering Lifecycle Manager, Rational Publishing Engine

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Version(s) Affected Product(s)
All Global Configuration Management
All IBM Jazz Reporting Service
6.0.6, 6.0.6.1 Rational Team Concert
Rational DOORS Next Generation
IBM Jazz Reporting Service
Rational Engineering Lifecycle Manager
Rational Publishing Engine
7.0, 7.0.1, 7.0.2 IBM Engineering Workflow Management
IBM Engineering Requirements Management DOORS Next
IBM Jazz Reporting Service
IBM Engineering Lifecycle Optimization - Engineering Insights
IBM Engineering Lifecycle Optimization - Publishing
7.0.1, 7.0.2 IBM Engineering Test Management

Remediation/Fixes

This vulnerability affects multiple IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM® SDK, Java™ Technology Edition.

If the Product is deployed on one of the above versions, Please follow the instruction given in the following article

Link - <https://www.ibm.com/support/pages/node/6616533&gt;

Workarounds and Mitigations

None