Security Alert: Vulnerability in IBM Rational Licensing could allow code execution

Flash (Alert)


Abstract

The security issue was originally published as a high security vulnerability and based on our ongoing technical assessment we have reduced the severity to medium. The vulnerability is in the licensing functionality used by some IBM Rational products. The products/versions that are affected are listed below and fixes are available per the table below.

On 4/12/2011 Microsoft released a security bulletin (see MS11-027: http://www.microsoft.com/technet/security/Bulletin/MS11-027.mspx) which includes an alternative risk mitigation. This update contains a kill bit that prevents the Rational Suite License ActiveX control from being run in Internet Explorer.

Content


Products affected: See Table 1 for specific versions and fixes.



Description:

This security alert addresses a medium risk security issue (see CVE-2011-1205). The IBM Rational licensing implementation for Windows platforms is based on the Microsoft COM framework, and the licensing functionality is exposed to certain IBM Rational programs through four different COM objects. The currently known attack vectors include opening local HTML files with scripting allowed in the "My Computer" zone, or permitting unsafe ActiveX controls to run in Internet Explorer. Both are considered unsafe configurations.

Based on additional technical assessment of this security issue, IBM has lowered the base severity rating from high (CVSS 7.2), as originally reported, to medium (CVSS 6.2). At this time we have not identified a high-risk exploitation vector for this vulnerability, and we have no information indicating that there is an immediate risk of exploitation. IBM cannot rule out other valid vectors and is continuing its evaluation; for this reason we have decided to inform our clients about this potential security issue and recommend that they install the appropriate fix as soon as possible.

As of 4/13/2011, IBM has not received any reports of customer issues related to this security vulnerability. The vulnerability was identified and reported to IBM by a security testing company, DBAPP Security.


CVSS Scores¹:

Using the Common Vulnerability Scoring System (CVSS) v2, the security rating for this issue is:

  • CVSS Base Score: 6.2
    • Impact Subscore: 10
    • Exploitability Subscore: 1.9
  • CVSS Temporal Score: 4.6
  • CVSS Environmental Score*: Undefined
  • Overall CVSS Score: 4.6
  • CVSS vector string used: (AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C)

*The CVSS Environmental Score is specific to the customer's environment and will ultimately determine the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Solutions:

There are two solutions: IBM product fixpacks and a Microsoft security patch. The IBM product fixpacks should be applied as soon as practical and as your business needs dictate. IBM recommends applying the Microsoft security patch as soon as possible.

Microsoft Security Patch: Apply the security update outlined in Microsoft Security Bulletin MS11-027: http://www.microsoft.com/technet/security/Bulletin/MS11-027.mspx

Please refer to Table 1 for information on available IBM fixes.

Table 1. Affected products/versions and applicable fixes

Version | Product offering | Available fixpack or risk mitigation
--------|------------------|-------------------------------------
8.0.0 - 8.0.0.1 | RATL APPSCAN ENTERPRISE ED | http://www.ibm.com/support/docview.wss?uid=swg24029389
8.0.0 - 8.0.0.1 | RATL APPSCAN REPORTING CONSOLE | http://www.ibm.com/support/docview.wss?uid=swg24029389
8.0.0 - 8.0.0.1 | RATL APPSCAN TESTER ED | http://www.ibm.com/support/docview.wss?uid=swg24029389
8.0.0 - 8.0.0.1 | RATL POLICY TESTER ACCESS ED | http://www.ibm.com/support/docview.wss?uid=swg24029390
8.0.0 - 8.0.0.1 | RATL POLICY TESTER PRIVACY ED | http://www.ibm.com/support/docview.wss?uid=swg24029390
8.0.0 - 8.0.0.1 | RATL POLICY TESTER QUALITY ED | http://www.ibm.com/support/docview.wss?uid=swg24029390
8.0.0 - 8.0.0.1 | RATL APPSCAN BUILD EDITION (Bundle of Standard Edition and Source Edition. Source Edition is not affected.) | http://www.ibm.com/support/docview.wss?uid=swg24029444
8.0.0 - 8.0.0.1 | RATL APPSCAN EXPRESS EDITION | http://www.ibm.com/support/docview.wss?uid=swg24029444
8.0.0 - 8.0.0.1 | RATL APPSCAN STANDARD ED | http://www.ibm.com/support/docview.wss?uid=swg24029444
7.8.0 - 7.8.0.2 | RATL APPSCAN BUILD EDITION (Bundle of Standard Edition and Source Edition. Source Edition is not affected.) | http://www.ibm.com/support/docview.wss?uid=swg24029446
7.9.0 | RATL APPSCAN BUILD EDITION (Bundle of Standard Edition and Source Edition. Source Edition is not affected.) | http://www.ibm.com/support/docview.wss?uid=swg24029447
5.6.0 - 5.6.0.3 | RATL APPSCAN ENTERPRISE ED | http://www.ibm.com/support/docview.wss?uid=swg24029448
7.8.0 - 7.8.0.2 | RATL APPSCAN EXPRESS EDITION | http://www.ibm.com/support/docview.wss?uid=swg24029446
7.9.0 - 7.9.0.3 | RATL APPSCAN EXPRESS EDITION | http://www.ibm.com/support/docview.wss?uid=swg24029447
5.6.0 - 5.6.0.3 | RATL APPSCAN REPORTING CONSOLE | http://www.ibm.com/support/docview.wss?uid=swg24029448
7.8.0 - 7.8.0.2 | RATL APPSCAN STANDARD ED | http://www.ibm.com/support/docview.wss?uid=swg24029446
7.9.0 - 7.9.0.3 | RATL APPSCAN STANDARD ED | http://www.ibm.com/support/docview.wss?uid=swg24029447
5.6.0 - 5.6.0.3 | RATL APPSCAN TESTER ED | http://www.ibm.com/support/docview.wss?uid=swg24029448
5.6.0 - 5.6.0.3 | RATL POLICY TESTER ACCESS ED | http://www.ibm.com/support/docview.wss?uid=swg24029451
5.6.0 - 5.6.0.3 | RATL POLICY TESTER PRIVACY ED | http://www.ibm.com/support/docview.wss?uid=swg24029451
5.6.0 - 5.6.0.3 | RATL POLICY TESTER QUALITY ED | http://www.ibm.com/support/docview.wss?uid=swg24029451
7.1.1 - 7.1.1.4 | RATL CC CHG MGMT SOL ENT ED (Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite.) | ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353; ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4 | RATL CC CHG MGMT SOL (Bundle of ClearCase and ClearQuest.) | ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353; ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4 | RATL CLEARCASE | http://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4 | RATL CLEARQUEST MSITE EXT. | http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4 | RATL CLEARQUEST | http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4 | RATL CLRCASE AND MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4 | RATL CLRCASE MULTISITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4 | RATL CLRQUEST & MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4 | RATL LIFECYCLE PACKAGE (Bundle of ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.) | ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352; RequisitePro 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029184
7.1.1 - 7.1.1.4 | RATL LIFECYCLE PKG W/CC (Bundle of ClearCase, ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.) | ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353; ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352; RequisitePro 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029184
7.1.1 - 7.1.1.4 | RATL REQUISITEPRO | http://www.ibm.com/support/docview.wss?uid=swg24029184
7.0.3 - 7.0.3.4 | RATL ROBOT | http://www.ibm.com/support/docview.wss?uid=swg24029464
7.0.3 - 7.0.3.4 | RATL SODA | http://www.ibm.com/support/docview.wss?uid=swg24029454
7.0.3 - 7.0.3.4 | RATL Project Console | ftp://public.dhe.ibm.com/software/rational/ProjectConsole/7.0.3.5/7.0.3.5-RATL-RPJC-WIN-FP05.zip
7.1.0 - 7.1.0.2 | RATL CC CHG MGMT SOL ENT ED (Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite.) | ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413; ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CC CHG MGMT SOL (Bundle of ClearCase and ClearQuest.) | ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413; ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLEARCASE | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLEARQUEST MSITE EXT. | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLEARQUEST | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLRCASE AND MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLRCASE MULTISITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL CLRQUEST & MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL LIFECYCLE PACKAGE (Bundle of ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.) | ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413; RequisitePro 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL LIFECYCLE PKG W/CC (Bundle of ClearCase, ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.) | ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413; ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413; RequisitePro 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2 | RATL REQUISITEPRO | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2 | RATL ROBOT | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2 | RATL SODA | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2 | RATL Project Console | http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.0.4 - 7.0.0.9 | RATL CC CHG MGMT SOL ENT ED (Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite.) | ClearCase 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip; ClearQuest 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CC CHG MGMT SOL (Bundle of ClearCase and ClearQuest.) | ClearCase 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip; ClearQuest 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLEARCASE | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLEARQUEST MSITE EXT. | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLEARQUEST | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLRCASE AND MSITE EXT | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLRCASE MULTISITE EXT | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL CLRQUEST & MSITE EXT | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL REQUISITEPRO | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL ROBOT | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL SODA | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9 | RATL Project Console | ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.1.3 - 7.0.1.11 | RATL CC CHG MGMT SOL ENT ED (Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite.) | ClearCase 7.0.1.3-7.0.1.11: http://www.ibm.com/support/docview.wss?uid=swg24029351; ClearQuest 7.0.1.3-7.0.1.11: http://www.ibm.com/support/docview.wss?uid=swg24029350
7.0.1.3 - 7.0.1.11 | RATL CC CHG MGMT SOL (Bundle of ClearCase and ClearQuest.) | ClearCase 7.0.1.3-7.0.1.11: http://www.ibm.com/support/docview.wss?uid=swg24029351; ClearQuest 7.0.1.3-7.0.1.11: http://www.ibm.com/support/docview.wss?uid=swg24029350
7.0.1.3 - 7.0.1.11 | RATL CLEARCASE | http://www.ibm.com/support/docview.wss?uid=swg24029351
7.0.1.3 - 7.0.1.11 | RATL CLEARQUEST MSITE EXT. | http://www.ibm.com/support/docview.wss?uid=swg24029350
7.0.1.3 - 7.0.1.11 | RATL CLEARQUEST | http://www.ibm.com/support/docview.wss?uid=swg24029350
7.0.1.3 - 7.0.1.11 | RATL CLRCASE AND MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029351
7.0.1.3 - 7.0.1.11 | RATL CLRCASE MULTISITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029351
7.0.1.3 - 7.0.1.11 | RATL CLRQUEST & MSITE EXT | http://www.ibm.com/support/docview.wss?uid=swg24029350
7.0.1.3 - 7.0.1.11 | RATL ROBOT | ftp://ftp.software.ibm.com/software/rational/robot/7.0.1/7.0.1.12/7.0.1.12-RATL-RRBT-WIN-en-US-FP12.msp
7.0.1.3 - 7.0.1.11 | RATL SODA | http://www.ibm.com/support/docview.wss?uid=swg24029457
7.0.1.3 - 7.0.1.11 | RATL Project Console | ftp://public.dhe.ibm.com/software/rational/ProjectConsole/7.0.1.11/7.0.1.11-RATL-RPJC-WIN-all-FP11.zip
7.0.1.3 - 7.0.1.11 | RATL REQUISITEPRO | http://www.ibm.com/support/docview.wss?uid=swg24029189
8.1 - 8.1.0.3 | RATL PERFORMANCE TESTER | http://www.ibm.com/support/docview.wss?uid=swg24029363
8.1.1 - 8.1.1.2 | RATL PERFORMANCE TESTER | http://www.ibm.com/support/docview.wss?uid=swg24029360
8.0.0 | RATL FUNCTIONAL TESTER PLUS (Bundle of Rational Functional Tester and Robot. Rational Functional Tester is not affected.) | Robot 7.0.2-7.0.2.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
8.1.0 - 8.1.1 | RATL FUNCTIONAL TESTER PLUS (Bundle of Rational Functional Tester and Robot. Rational Functional Tester is not affected.) | Robot 7.0.3-7.0.3.4: http://www.ibm.com/support/docview.wss?uid=swg24029464
7.0.0.4 - 7.0.0.6, 7.0.1 | RATL PURIFY FOR WINDOWS | http://www.ibm.com/support/docview.wss?uid=swg24029478
7.0.0.4 - 7.0.0.6, 7.0.1 | RATL PURIFYPLUS ENT EDITION (Bundle of PurifyPlus for Windows and PurifyPlus for Linux and Unix. PurifyPlus for Linux and Unix is not affected.) | http://www.ibm.com/support/docview.wss?uid=swg24029478
7.0.0.4 - 7.0.0.6, 7.0.1 | RATL PURIFYPLUS FOR WINDOWS | http://www.ibm.com/support/docview.wss?uid=swg24029478
7.0.0.4 | RATL ROSE DATA MODELER | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE DEV FOR JAVA | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE DEV VISUAL STUDIO | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE DEV VISUAL BASIC | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE ENTERPRISE | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE MODELER | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE TECHNICAL DEV (Bundle of Rose and Rose RealTime. Rose RealTime is not affected.) | http://www.ibm.com/support/docview.wss?uid=swg21472870
7.0.0.4 | RATL ROSE ADA PROFESSIONAL | http://www.ibm.com/support/docview.wss?uid=swg21472870





¹ According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: Rational License Key Server, General Information
Software version: 7.0, 7.0.0.1, 7.0.0.2, 7.0.1, 7.0.1.1, 7.0.3.1, 7.1, 7.1.0.1, 7.1.0.2, 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4
Operating system(s): Windows
Reference #: 1470998
Modified date: 2011-04-13
