IBM Rational ClearCase includes an IBM Java SDK that is based on the Oracle JDK. Oracle has released April 2013 critical patch updates (CPU) which contain security vulnerability fixes and the IBM Java SDK has been updated to incorporate those updates.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2013-0169
Description: The TLS protocol does not properly consider timing side-channel attacks, which could allow remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902> *CVSS Environmental Score:**Undefined **CVSS Vector: **(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Rational ClearCase, Remote Client, 7.1 through 7.1.2.11, 8.0 through 8.0.0.7, and 8.0.1
Note: The vulnerability only affects ClearCase Remote Client.
* If your deployment does not use ClearCase Remote Client, it is _not vulnerable_.
* If your deployment does not use SSL (https) between ClearCase Remote Client and CM Server or CCRC WAN Server, it is _not vulnerable_.
Upgrade to one of the below versions of IBM Rational ClearCase:
None