5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. (CVE-2023-2975)
CVEID:CVE-2023-2975
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by AES-SIV cipher implementation. By sending a specially-crafted request using empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260817 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Rational ClearQuest | 9.1 |
IBM Rational ClearQuest | 10.0 |
Apply the relevant fixes as listed in the table below.
Affected Versions
|
Applying the fix
—|—
9.1 through 9.1.0.5
| Install Rational ClearQuest Fix Pack 6 (9.1.0.6) for 9.1
10.0 through 10.0.4
| Install Rational ClearQuest Fix Pack 5 (10.0.5) for 10.0
|
For 9.0.2.x, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%