Security Bulletin: Notice of IBM WebSphere Application Server security vulnerability fixes for Rational ClearCase and ClearQuest (CVE-2012-2170)

Summary

IBM Rational ClearCase and ClearQuest use IBM WebSphere Application Server (WAS) which has security corrections.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVE ID: CVE-2012-2170

Description: Review the following IBM WebSphere Application Server bulletin for complete details:

1606096: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4

• ClearCase and ClearQuest 8.x releases have separated the WAS installation from the ClearCase and ClearQuest installation. You should determine the exact version of WAS that you have deployed and read the above document link to see if you are impacted.

• ClearCase and ClearQuest 7.1.x releases are shipped with and install and configure WAS version 6.1.0.25. Review technote 1390803: Update the WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1 for instructions.

Affected Products and Versions

All ClearCase and ClearQuest 7.1.x web servers running on the as shipped WAS v6.1.0.25.

Any ClearQuest v8.0.x web server running on a WAS version that does not have the remediation applied.

Remediation/Fixes

Follow the instructions posted in 1606096: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4

Workarounds and Mitigations

Workaround:

Use desktop applications

Mitigation:

None