Security Bulletin: Security vulnerability has been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-6056)

2018-06-1705:22:34

www.ibm.com

0.013 Low

EPSS

Percentile

86.2%

JSON

Summary

Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence (RRDI). Information about a security vulnerability affecting Jazz Reporting Service has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2017-6056**
DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122312> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product(s) and Version(s)
—|—
RRDI 5.0, 5.0.1 and 5.0.2| Jazz Reporting Service 5.0, 5.0.1 and 5.0.2

Remediation/Fixes

Consult the security bulletin Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2017-6056) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

CPENameOperatorVersion
rational reporting for development intelligenceeq5.0
rational reporting for development intelligenceeq5.0.1
rational reporting for development intelligenceeq5.0.2

Name	Operator	Version
rational reporting for development intelligence	eq	5.0
rational reporting for development intelligence	eq	5.0.1
rational reporting for development intelligence	eq	5.0.2