OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect Rational Tau. This includes the alternate chains certificate forgery vulnerability (CVE-2015-1793). Rational Tau has addressed the applicable CVEs.
CVEID: CVE-2015-1793 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by an implementation error of the alternative certificate chain logic. An attacker could exploit this vulnerability to bypass the CA flag and other specific checks on untrusted certificates and issue an invalid certificate.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104500 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
4.3, 4.3.0.1, 4.3.0.2, 4.3.0.3, 4.3.0.4, 4.3.0.5, 4.3.0.6, 4.3.0.6 Interim Fix 1, 4.3.0.6 Interim Fix 2, 4.3.0.6 Interim Fix 3, 4.3.0.6 Interim Fix 4
Upgrade to Rational Tau Interim Fix 5 for 4.3.0.6
No workarounds
CPE | Name | Operator | Version |
---|---|---|---|
rational tau | eq | 4.3 | |
rational tau | eq | 4.3.0.1 | |
rational tau | eq | 4.3.0.2 | |
rational tau | eq | 4.3.0.3 | |
rational tau | eq | 4.3.0.4 | |
rational tau | eq | 4.3.0.5 | |
rational tau | eq | 4.3.0.6 |