OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs.
CVEID: CVE-2018-0739 **DESCRIPTION:*OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score. CVSS Environmental Score : Undefined CVSS Vector : (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-3738 **DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. **CVSS Base Score:**3.1 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/136078 for the current score. *CVSS Environmental Score:**Undefined **CVSS Vector: **(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-3737 **DESCRIPTION:**An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. **CVSS Base Score:**5.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/136077 for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Rational Collaborative Lifecycle Management 5.0 - 6.0.6
Rational Team Concert 5.0 - 5.0.2
Rational Team Concert 6.0 - 6.0.6
Upgrade your Rational Build Forge Agent to version 8.0.0.8 from: Download link.
None