An OpenSSL vulnerability was disclosed on June 12 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.
CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM Rational ClearCase versions:
Version
|
Status
—|—
9.0.1 through 9.0.1.4
|
Affected
9.0 through 9.0.0.6
|
Affected
8.0.1 through 8.0.1.18
|
Affected
8.0 through 8.0.0.21
|
Affected
Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.
You are vulnerable if your use of Rational ClearCase includes any of these configurations:
Apply a fix pack as listed in the table below. The fix pack includes OpenSSL 1.0.2p.
Affected Versions
|
Applying the fix
—|—
9.0.1 through 9.0.1.4
9.0 through 9.0.0.6
| Install Rational ClearCase Fix Pack 5 (9.0.1.5) for 9.0.1
8.0.1 through 8.0.1.18
8.0 through 8.0.0.21
| Install Rational ClearCase Fix Pack 19 (8.0.1.19) for 8.0.1
For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None.