CVE-2015-5039

Name of the Vulnerable Software and Affected Versions IBM Rational ClearCase versions 7.1.x, 8.0.0.x through 8.0.0.17, 8.0.1.x through 8.0.1.10

Description The issue concerns the Remote Client and change management integrations, which do not properly validate hostnames in X.509 certificates from SSL servers. This allows remote attackers to spoof servers, obtain sensitive information, or modify network traffic via a crafted certificate.

Recommendations For IBM Rational ClearCase versions 7.1.x, update to a version that properly validates hostnames in X.509 certificates. For IBM Rational ClearCase versions 8.0.0.x through 8.0.0.17, update to version 8.0.0.18 or later. For IBM Rational ClearCase versions 8.0.1.x through 8.0.1.10, update to version 8.0.1.11 or later.