A security vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 is affecting IBM Rational Change.
CVEID:CVE-2020-27216
**DESCRIPTION:**Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190474 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM Rational Change 5.3.2, 5.3.2.1, 5.3.2.2.
Product | VRFM | APAR | Remediation/Fix |
---|---|---|---|
Rational Change | 5.3.2.3 | None. |
Upgrade to Rational Change 5.3.2.3 supporting Jetty 9.4.35 from IBM Passport Advantage and apply it.
NOTE:
Download the Rational Change 5.3.2.3 installation image by referring to the installation platform and its part number in the following list:
None.
CPE | Name | Operator | Version |
---|---|---|---|
rational change | eq | 5.3.1 | |
rational change | eq | 5.3.1.1 | |
rational change | eq | 5.3.1.2 | |
rational change | eq | 5.3.2.2 |