Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM36E10A1194691BC7FD259C1B346904113FE1B354B11523EA371DFC241780E8B3
HistoryMar 14, 2024 - 5:23 a.m.

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

2024-03-1405:23:12
www.ibm.com
24
openssl
ibm rational clearquest
vulnerabilities
denial of service
fix pack 6
fix pack 5
cve-2023-3817

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

71.6%

JSON

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2023-3817
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Rational ClearQuest 9.1
IBM Rational ClearQuest 10.0

Remediation/Fixes

Apply the relevant fixes as listed in the table below.

Affected Versions

|

Applying the fix

—|—

9.1 through 9.1.0.5

| Install Rational ClearQuest Fix Pack 6 (9.1.0.6) for 9.1

10.0 through 10.0.4

| Install Rational ClearQuest Fix Pack 5 (10.0.5) for 10.0

|

For 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_clearquestMatch8.0.0
OR
ibmrational_clearquestMatch8.0.1
OR
ibmrational_clearquestMatch9.0.0
OR
ibmrational_clearquestMatch9.0.1
OR
ibmrational_clearquestMatch9.0.2
VendorProductVersionCPE
ibmrational_clearquest8.0.0cpe:2.3:a:ibm:rational_clearquest:8.0.0:*:*:*:*:*:*:*
ibmrational_clearquest8.0.1cpe:2.3:a:ibm:rational_clearquest:8.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.0cpe:2.3:a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*
ibmrational_clearquest9.0.1cpe:2.3:a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*
ibmrational_clearquest9.0.2cpe:2.3:a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*

Related

openvas 57
nessus 87
cbl_mariner 6
ibm 7
osv 9
cgr 1
freebsd 1
redhatcve 1
wolfi 1
veracode 1
ubuntucve 2
photon 1
amazon 7
prion 2
redos 1
f5 2
debian 1
ubuntu 2
nvd 2
alpinelinux 2
broadcom 1
cvelist 1
debiancve 1
openssl 1
cve 1
slackware 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3291-2)
2023-10-05 00:00:00
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3244-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3243-1)
2024-03-04 00:00:00
nessus
nessus
Photon OS 4.0: Openssl PHSA-2023-4.0-0450
2024-07-24 00:00:00
Photon OS 3.0: Nxtgn PHSA-2023-3.0-0631
2024-07-24 00:00:00
Photon OS 5.0: Openssl PHSA-2023-5.0-0070
2024-07-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2023-11-08 02:07:28
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2024-04-17 22:02:46
CVE-2023-3817 affecting package hvloader for versions less than 1.0.1-3
2024-06-06 19:53:22
ibm
ibm
Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817
2024-01-23 04:07:12
Security Bulletin: openssl-src-111.26.0+1.1.1u.crate is vulnerable to CVE-2023-3817 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:11:39
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL.
2023-11-29 10:14:17
osv
osv
libopenssl-3-devel-3.1.2-1.1 on GA media
2024-06-15 00:00:00
CGA-55rx-q8vx-v22r
2024-06-06 12:23:58
libopenssl-1_1-devel-1.1.1v-1.1 on GA media
2024-06-15 00:00:00
cgr
cgr
CVE-2023-3817 vulnerabilities
2024-05-19 03:07:16
freebsd
freebsd
OpenSSL -- Excessive time spent checking DH q parameter value
2023-07-31 00:00:00
redhatcve
redhatcve
CVE-2023-3817
2023-08-01 08:19:37
wolfi
wolfi
CVE-2023-3817 vulnerabilities
2024-10-01 21:13:23
veracode
veracode
Denial Of Service (DoS)
2023-08-06 07:40:29
ubuntucve
ubuntucve
CVE-2023-3817
2023-07-31 00:00:00
CVE-2023-5678
2023-11-06 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0640
2023-08-25 00:00:00
amazon
amazon
Medium: openssl11
2023-11-29 22:19:00
Medium: openssl
2023-11-29 23:18:00
Medium: openssl
2023-09-27 22:15:00
prion
prion
Design/Logic Flaw
2023-07-31 16:15:00
Design/Logic Flaw
2023-11-06 16:15:00
redos
redos
ROS-20230907-04
2023-09-07 00:00:00
f5
f5
K000137969 : OpenSSL vulnerability CVE-2023-3817
2023-12-19 00:00:00
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
debian
debian
[SECURITY] [DLA 3530-1] openssl security update
2023-08-16 05:56:34
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-10-25 00:00:00
OpenSSL vulnerabilities
2023-10-18 00:00:00
nvd
nvd
CVE-2023-3817
2023-07-31 16:15:10
CVE-2023-5678
2023-11-06 16:15:42
alpinelinux
alpinelinux
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
broadcom
broadcom
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
cvelist
cvelist
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
2023-11-06 15:47:30
debiancve
debiancve
CVE-2023-3817
2023-07-31 16:15:10
openssl
openssl
Vulnerability in OpenSSL - Excessive time spent in DH check / generation with large Q parameter value
2023-11-06 00:00:00
cve
cve
CVE-2023-3817
2023-07-31 16:15:10
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

71.6%

JSON
Related for 36E10A1194691BC7FD259C1B346904113FE1B354B11523EA371DFC241780E8B3
openvas57nessus87cbl_mariner6ibm7osv9cgr1freebsd1redhatcve1wolfi1veracode1ubuntucve2photon1amazon7prion2redos1f52debian1ubuntu2nvd2alpinelinux2broadcom1cvelist1debiancve1openssl1cve1slackware1