Global Security Kit (GSKit) has a vulnerability. For avoiding these issues in IBM Rational Build Forge, you should use latest version GSKit which contains the fixes for this problem
Resolving the problem
Workarounds: use the latest version GSKit tool.
Contact your product support (z/OS or IHS/IBM WebSphere Application Server) to get the updated GSKIT bits for your system. This is not supplied by Rational Build Forge Support.
Section A (if you use bfagent with system ssl on z/OS)
Installing > Installing agents
Installing and running the agent on System z platforms
During the fourth step.
4 On the z/OS system, run the following commands to build the agent source code:
a. First step: .configure-zos. Note the use of –with-system-ssl. You provide the path to the system SSL(use the latest version GSKit(system ssl)).
pax -rf src-bfagent-<version>.tar -ofrom=ISO8859-1,to=IBM-1047
Section B (if you use IBM HTTP Server instead of Apache HTTP Server)
Integrating > Rational Build Forge and WebSphere products
Using IBM HTTP Server instead of Apache HTTP Server
During the third and fourth step
3 Convert the Build Forge keys from PKCS12 to CMS. Use the GSKIT tool(use the latest version GSKIT tool). In gsk7\bin (Windows) or bin (UNIX or Linux), run the following command (line breaks are added for clarity):
gsk7cmd -keydb -convert -db bfinstall\keystore\buildForgeKeyStore.p12 -pw buildForgeKeyStore_password -old_format pkcs12 -new_format cms
4 Store the password in a stash file. IHS uses this file to get the password during startup. Without it, IHS prompts for the password. Use the GSKIT tool (use the latest version GSKIT tool). In gsk7\bin (Windows) or bin (UNIX or Linux), run the following command (line breaks are added for clarity):
gsk7cmd -keydb -stashpw -db bfinstall\keystore\buildForgeKeyStore.kdb -pw buildForgeKeyStore_password