Fixes are available
Rational ClearQuest Fix Pack 17 (8.0.1.17) for 8.0.1
Rational ClearQuest Fix Pack 3 (9.0.1.3) for 9.0.1
Rational ClearQuest Fix Pack 18 (8.0.1.18) for 8.0.1
Rational ClearQuest Fix Pack 4 (9.0.1.4) for 9.0.1
Rational ClearQuest Fix Pack 5 (9.0.1.5) for 9.0.1
Rational ClearQuest Fix Pack 19 (8.0.1.19) for 8.0.1
Rational ClearQuest Fix Pack 6 (9.0.1.6) for 9.0.1
Rational ClearQuest Fix Pack 20 (8.0.1.20) for 8.0.1
Rational ClearQuest Fix Pack 21 (8.0.1.21) for 8.0.1
Rational ClearQuest Fix Pack 7 (9.0.1.7) for 9.0.1
Rational ClearQuest Fix Pack 22 (8.0.1.22) for 8.0.1
Rational ClearQuest Fix Pack 8 (9.0.1.8) for 9.0.1
Rational ClearQuest Fix Pack 9 (9.0.1.9) for 9.0.1
Rational ClearQuest Fix Pack 23 (8.0.1.23) for 8.0.1
Rational ClearQuest Fix Pack 24 (8.0.1.24) for 8.0.1
Rational ClearQuest Fix Pack 25 (8.0.1.25) for 8.0.1
APAR status
Closed as program error.
Error description
Cyber security team ran a scan on our ClearQuest web and found the vulnerability "Cross-Site Request Forgery (XSRF or CSRF)".
ClearQuest version: 8.0.1.14
WebSphere version: 8.5.5.12
I escalated this issue (CHCLS000776410) and the developer identified the problem and has a fix ready.
Local fix
Problem summary
USERS AFFECTED:
ClearQuest Web

PROBLEM DESCRIPTION:
ClearQuest Web is affected by a "Cross-Site Request Forgery (XSRF or CSRF)" vulnerability.

RECOMMENDATION:
Problem conclusion
A fix is available in ClearQuest 8.0.1.17 and 9.0.1.3. The "Cross-Site Request Forgery (XSRF or CSRF)" vulnerability has been fixed.
Temporary fix
Comments
APAR Information
APAR number
PI92296
Reported component name
CLEARQUEST WIN
Reported component ID
5724G3600
Reported release
801
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-01-10
Closed date
2018-05-09
Last modified date
2018-05-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARQUEST WIN
Fixed component ID
5724G3600
Applicable component levels
R801 PSY
UP
Document Information
Modified date:
18 October 2021