4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
IBM Rational ClearCase and ClearQuest use IBM WebSphere Application Server (WAS) which has security corrections.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2012-2170
Description: Review the following IBM WebSphere Application Server bulletin for complete details:
1606096: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4
ClearCase and ClearQuest 8.x releases have separated the WAS installation from the ClearCase and ClearQuest installation. You should determine the exact version of WAS that you have deployed and read the above document link to see if you are impacted.
ClearCase and ClearQuest 7.1.x releases are shipped with and install and configure WAS version 6.1.0.25. Review technote 1390803: Update the WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1 for instructions.
All ClearCase and ClearQuest 7.1.x web servers running on the as shipped WAS v6.1.0.25.
Any ClearQuest v8.0.x web server running on a WAS version that does not have the remediation applied.
Follow the instructions posted in 1606096: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4
Workaround:
Use desktop applications
Mitigation:
None