CVE-2012-2160: Fix List for Rational Change
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Table of Contents:
5.2.0.8 Interim Fix 7
5.2.0.8 Interim Fix 6
5.2.0.8 Interim Fix 5
5.2.0.8 Interim Fix 4
5.2.0.8 Interim Fix 3
5.2.0.8 Interim Fix 2
5.2.0.8 Interim Fix 1
5.2 Fix Pack 8
5.2 Fix Pack 7
5.2 Fix Pack 6
5.2 Fix Pack 5
5.2 Fix Pack 4
5.2 Fix Pack 3
5.2 Fix Pack 2
5.2 Fix Pack 1
5.2 Release
Interim Fix 7 (5.2.0.8_iFix007)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix007 | 29 April 2015 | Current |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#46435 | Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report |

Interim Fix 6 (5.2.0.8_iFix006)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix006 | 06 November 2014 | Optional |

Interim Fix 5 (5.2.0.8_iFix005)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix005 | 19 August 2014 | Superseded |

Interim Fix 4 (5.2.0.8_iFix004)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix004 | 19 June 2014 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PI14229 | R#45830 | Mirrored_attribute of type time does not use the format of CCM_DATE attribute |
| PI17254 | R#45934 | Saving process .xml hangs due to validation.js file |
| N/A | R#45780 | Missing Token Error in Change 5.3.0.6 |
| N/A | R#45870 | Update applet jar to support Java 7 U51 |
| N/A | R#45966 | Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) |

Interim Fix 3 (5.2.0.8_iFix003)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix003 | 19 December 2013 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PI06946 | R#45483 | Rational Change shows warning “This application will be blocked in a future Java security update …” |
| PM98968 | R#45337 | Ok to “Discard Edit” does not remove the unsaved modification when a task is also created |

Interim Fix 2 (5.2.0.8_iFix002)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix002 | 15 August 2013 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM90786 | R#44627 | The crAssignEmail.pl hangs if there is no reference to resolver in LDAP |
| PM90961 | R#44637 | Rational Change login for users puts “ERROR: Unexpected error while updating user’s groups” in event.log |
| PM92365 | R#44744 | Querying in on attribute that has dependencies incorrectly displays listbox dependency chain icon in query view |
| PM92736 | R#44780 | Users may be required to login twice after installing 5.2.0.8 iFix01 |
| PM93602 | R#44860 | Report on dependent listbox requires login with 5.2.0.8 iFix01 |
| PM94569 | R#44939 | Incorrect token being created for login dialog URL when presented in a popup window |

Interim Fix 1 (5.2.0.8_iFix001)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8_iFix001 | 13 June 2013 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM75068 | R#43740 | Remove tokens from URLs used in internal action links. (This fix requires regeneration and reinstallation of your process package and you should reapply your customization if any to attribute control files. For more refer to Installation Instructions.) |
| N/A | R#44089 | Dependent listbox set as CCM_HIDDEN prevents other dependent listbox from same parent to get dependent listbox values |
| N/A | R#44167 | Change 5.2 becomes unresponsive and requires restart |
| N/A | R#44177 | Can’t remove symbol character within CCM_NUMBER webtype value |
| N/A | R#44190 | License process port on Change server is not updated when the port is in use |
| N/A | R#44217 | Session Sharing implementation in Rational Change. To enable this feature refer to Implementing login session sharing in Rational Change |
| PM83991 | R#44257 | ‘failed to read input’ when selecting Browser Version in query builder |
| PM85591 | R#44365 | IBM Rational Change error message “failed to checkout license, license server may not be running” |
| PM85591 | R#44469 | Change Trigger API object is not available for external listbox |
| PM88568 | R#44524 | modifyObjectattribute API does not log the info to transition log |
| PM88620 | R#44526 | (UTF-8) Japanese name query/format is unable to be set as home page. |
| PM89232 | R#44556 | Change-Base licenses are not released even after the user exits the application |
| N/A | R#44576 | CR show form disrupted after recreating process package |
| N/A | R#44584 | Maintain unique attachment names |
| N/A | R#44587 | Check-in “RDS_Tivoli_521_ifix01” client libraries. |
| PM90427 | R#44614 | Matrix report is missing the part of the attribute name surrounded by the brackets |

Fix Pack 8 (5.2.0.8)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.8 | 20 December 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM63405 | R#42855 | User can’t change Lifecycle attributes for a query using IE9 |
| PM64556 | R#42963 | Square bracket characters should not be allowed in the listboxes content |
| PM67457 | R#43196 | Change report including RQM attributes shows unformatted data |
| N/A | R#43205 | Excel report adds new rows before and after indented text |
| PM67924 | R#43222 | Incorrect extended character encoding in Home Pages after applying FixPack 5.2.0.7 |
| N/A | R#43313 | JSP violation for certain tomcat versions in change. |
| PM70503 | R#43409 | CJKT names are classified in “other” in the Favorite Users dialog. Add option to filter the users. |
| N/A | R#43412 | Update web service API to return OSLC urls to tasks associated with the CR |
| N/A | R#43413 | Update the RDS Libraries to address user not a member of meta group Exception |
| N/A | R#43422 | Update web service API in Change to return OSLC urls for Change Requests |
| N/A | R#43444 | Login fails if user name has space in it |
| PM71884 | R#43532 | Invalid “User_ID” or “Password” error seen when users are trying to login to Rational Change 5.2.0.7, RDS in corporate mode |
| PM73423 | R#43646 | Creating CR attachment via CSAPI writes internal attachment name to transition_log instead of display name |
| PM73937 | R#43677 | Valid OSLC XML data containing an ampersand is not handled properly in Change |
| N/A | R#43708 | Process merge stripping off the PRE_TRIGGER and PRE_RELATION_TRIGGER_TYPE tags. |
| PM74902 | R#43732 | Matrix report HTML cannot display attribute which contains a pair of brackets. |
| PM75526 | R#43771 | RDS local users with RDS Apache 5.1.1.2 / synergy 7.1.0.6 iFix1 / change 5.2.0.7 still have authentication issues |
| PM75796 | R#43780 | “Fatal Servlet Error” when saving table in problem description field using Mozilla Firefox |
| PM76477 | R#43829 | Can’t remove symbol character within CCM_NUMBER web type value |
| PM77798 | R#43925 | from_db attribute in a CR show is not having any value set |
| N/A | R#43935 | ‘ConcurrentModificationException’ while accessing attribute control cache |

Fix Pack 7 (5.2.0.7)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.7 | 14 June 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#33806 | Unable to view email id of the user in the subscription list |
| N/A | R#41343 | This correction, while not part of the Fix Pack proper, was made to the Information Center: Documentation needs to be updated to use correct JRE update by the client browsers in case of IE8 |
| PM52628 | R#41936 | Section breaks are not placing attributes correctly |
| N/A | R#42033 | PTDataListBox inconsistency when there are no favorite users |
| N/A | R#42034 | ‘Help’ option missing on ‘Manage Folder Security’ dialog. |
| N/A | R#42109 | Perl script: Task query directed at remote server but attempts to run on central server |
| PM55629 | R#42157 | BSF trigger on a boolean attribute returns ‘null’ instead of “false” or “true”. |
| N/A | R#42254 | DOORS Change Integration performance downgrade caused by large RDS group |
| N/A | R#42314 | Line feeds not preserved if webtype differs at CRProcess and lifecycle levels |
| N/A | R#42453 | Cookie is not getting set properly when accessing Change with url having hostname instead of ipaddress |
| N/A | R#42468 | Synchronization server reports ‘userDisplayName is null’ while fetching the transition logs from change. |
| PM60110 | R#42537 | Jetty uses up almost 100% CPU when trying to read XML data from RDS |
| PM60489 | R#42604 | Shared preference cache should create the *.js/*.gz files. |
| PM60564 | R#42612 | Duplicate database IDs have been observed in OSLC interface |
| N/A | R#42768 | Jetty Hashtable denial of service |
| PM62508 | R#42786 | Database and role login preferences missing in Change 5.2.0.6 |
| PM63048 | R#42837 | The ‘New’ and ‘Add’ links for the Associated Tasks control require the crstatus attribute on the dialog |
| N/A | R#42914 | Update RDS Client libraries to support MetaGroup functionality |
| N/A | R#42961 | Mirrored attribute values causes UI inconsistency |
| PM64752 | R#42996 | Message “Successfully changed user privileges” is shown when the changes were not successfully saved |
| N/A | R#43004 | Problems setting attribute value using Python scripting |
| N/A | R#43007 | Enforcing ACLs while sending CR information via subscription notification causes unnecessary user sessions |
| PM65204 | R#43033 | DOORS module will be opened in read-only mode if another Synergy database is disabled. |
| N/A | R#43060 | After upgrading my Synergy installation from 7105 to 7106, Change central-remote servers in https mode had communication errors. |
| N/A | R#43075 | Defects in licensing code. |

Fix Pack 6 (5.2.0.6)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.6 | 15 December 2011 | Superseded |

Fix Pack 5 (5.2.0.5)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.5 | 12 August 2011 | Superseded |

Fix Pack 4 (5.2.0.4)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.4 | 17 September 2010 | Superseded |

Fix Pack 3 (5.2.0.3)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.3 | 30 June 2010 | Superseded |

Fix Pack 2 (5.2.0.2)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.2 | 18 December 2009 | Superseded |

Fix Pack 1 (5.2.0.1)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2.0.1 | 25 September 2009 | Superseded |

Initial Release (5.2)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.2 | 25 September 2009 | Superseded |

Table of Contents:
5.3.0.6 Interim Fix 6
5.3.0.6 Interim Fix 5
5.3.0.6 Interim Fix 4
5.3.0.6 Interim Fix 3
5.3.0.6 Interim Fix 2
5.3.0.6 Interim Fix 1
5.3 Mod Pack 1
5.3 Fix Pack 6
5.3 Fix Pack 5
5.3 Fix Pack 4
5.3.0.3 Interim Fix 1
5.3 Fix Pack 3
5.3.0.2 Interim Fix 2
5.3.0.2 Interim Fix 1
5.3 Fix Pack 2
5.3 Fix Pack 1
5.3 Release
Interim Fix 6 (5.3.0.6_iFix006)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix006 | 15 Oct 2016 | Current |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#47117 | Certificate used to sign applet jar is revoked. |

Interim Fix 5 (5.3.0.6_iFix005)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix005 | 23 March 2016 | Current |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PI50735 | R#46904 | SHARED REPORT IMMEDIATELY EXECUTION, “A SERVER ERROR HAS OCCURRED” |
| PI52614 | R#46918 | THE STATE OF A CHANGE DATABASE CHANGES AFTER A RESTART OF RATIONAL CHANGE |

Interim Fix 4 (5.3.0.6_iFix004)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix004 | 04 June 2014 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PI22573 | R#46124 | Report Format Display when ‘run immediately’ does not use defined formatting |
| PI31810 | R#46427 | Subscriber full name replaced by user login in Edit CR Subscription List dialog |
| | R#46434 | Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report |
| PI33545 | R#46476 | Pagination in relational report option fails when using “immediately run report” option |
| | R#46595 | Query Limit on Adhoc-Relational reports |
| PI38428 | R#46614 | Submitters name not showing up using annotated text via email URL to access CR |
| | R#46626 | Bulk transitions fails when one or more related CRs are not in required state |
| PI39715 | R#46653 | Change Task Query Throws Report Format error when using specific query |
| | R#46703 | CCM_DATE attribute is missing the SUB_ATTR_ prefix resp. suffix |

Interim Fix 3 (5.3.0.6_iFix003)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix003 | 16 December 2014 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PI13013 | R#45745 | Calendar widget not displaying correctly in Change 5.3.0.6 |
| PI22662 | R#46125 | submission of a CR results in error ‘unknown attribute type’ |
| PI22669 | R#46126 | Unable to redefine Query limits for reports with Block Reports |
| N/A | R#46149 | Change login works with wrong case username |

Interim Fix 2 (5.3.0.6_iFix002)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix002 | 30 July 2014 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#45938 | Saving process .xml hangs due to validation.js file |
| N/A | R#45965 | Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114). |

Interim Fix 1 (5.3.0.6_iFix001)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6_iFix001 | 20 March 2014 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#40165 | Embedded URL within email may not be accessible to recipient. |
| PI06336 | R#45452 | Missing Token Error in Change 5.3.0.6 |
| N/A | R#45488 | Rational Change shows warning “This application will be blocked in a future Java security update …” |
| N/A | R#45490 | Ok to “Discard Edit” does not remove the unsaved modification when a task is also created |
| N/A | R#45634 | Certificate used to digitally sign applet expires on March 2014 |

Fix Pack 6 (5.3.0.6)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.6 | 19 September 2013 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM76648 | R#43846 | Benign webpage error when displaying CR after applying 5.3.0.4 |
| PM79590 | R#44047 | Defect: CRCHG0920E Login failed: com.telelogic.tds.engine.ldap.jndi.tdsrole. after 5.3.0.4 patch |
| PM89007 | R#44545 | Queries with ‘<’ or ‘>’ in their names fail |
| PM90818 | R#44628 | ccm_date attribute has a problem to show a calendar |
| PM91542 | R#44667 | Unable to change attribute’s web type from CCM_TEXT to CCM_HIDDEN in Copy Dialog |
| PM93180 | R#44819 | Associated tasks limit does not warn any longer when limit is exceeded. |
| PM93299 | R#44825 | Deletion of reports fails with ReportBuilder role |
| N/A | R#42131 | No results returned when querying tracksChangeSet through OSLC on a stand alone Change server |
| N/A | R#42829 | RTC login from Change is not so smooth the first time |
| N/A | R#43451 | Change does not properly decode reserved HTML characters entity number |
| N/A | R#43557 | Enabling project security and adding a few roles and then restarting the server shows the same role saved twice |
| N/A | R#44317 | Rdf generated for Change OSLC has invalid value for rdf:Id |
| N/A | R#44367 | ‘failed to read input’ when selecting Browser Version in query builder |
| N/A | R#44405 | Session Sharing implementation in Rational Change |
| N/A | R#44409 | Remove tokens from URLs used in internal action links |
| N/A | R#44459 | Change Remove Server 5305 does not start on RHEL6 |
| N/A | R#44461 | Change Trigger API object is not available for external listbox. |
| N/A | R#44530 | (UTF-8) Japanese name query/format is unable to be set as home page. |
| N/A | R#44585 | Maintain unique attachment names |
| N/A | R#44586 | Change-Base licenses are not released even after the user exits the application |
| N/A | R#44641 | Current versions of Javadoc generate HTML with embedded javascript that contains a frame-injection security vulnerability |
| N/A | R#44647 | IBM Rational Change error message “failed to checkout license, license server may not be running” |
| N/A | R#44722 | Rational Change 5.3.0.5 as a consumer of OSLC service from RTC 4.0.3 does not work |
| N/A | R#44790 | Querying in on attribute that has dependencies incorrectly displays listbox dependency chain icon in query view |
| N/A | R#44929 | The crAssignEmail.pl hangs if there is no reference to resolver in LDAP |
| N/A | R#44931 | Report on dependent listbox requires login with 5.2.0.8 iFix01 |
| N/A | R#44944 | Error ‘XML Content cannot be parsed’ when a query is run |
| N/A | R#44971 | Matrix report is missing the part of the attribute name surrounded by the brackets |
| N/A | R#45065 | Security issues in Change 5.3.0.6 admin console |
| N/A | R#45066 | Security issues in Change 5.3.0.6 user console |
| N/A | R#45077 | Listbox icon is not shown for dependent listbox of CUSTOM webtype |
| N/A | R#45086 | modifyObjectattribute API does not log the info to transition log |
| N/A | R#45107 | Pop ups in editing a home page report is not working |
| N/A | R#45109 | Users may be required to login twice after installing 5.2.0.8 iFix01 |

Fix Pack 5 (5.3.0.5)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.5 | 14 March 2013 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#43467 | Fetching transition-log from Change using web-services api fails if the transition log attribute value starts with a new line. |
| N/A | R#43558 | Roles repeated even after deleting one of the duplicates and saving it |
| PM74162 | R#43685 | Event.log is filling up with ReportRunner messages |
| N/A | R#43786 | Fatal Servlet Error when saving table in problem description field using Mozilla Firefox |
| N/A | R#43801 | Matrix report HTML cannot display attribute which contains a pair of brackets. |
| N/A | R#43832 | can’t remove symbol character within CCM_NUMBER webtype value |
| N/A | R#43906 | Square bracket characters should not be allowed in the listboxes content |
| N/A | R#43933 | from_db attribute in a CR show is not having any value set |
| PM78127 | R#43942 | Change 5.2 becomes unresponsive and requires restart |
| PM80198 | R#44077 | dependent listbox set as CCM_HIDDEN prevents other dependent listbox from same parent to get dependent listbox values |
| N/A | R#44155 | CJKT names are classified in “other” in the Favorite Users dialog. Add option to filter the users |

Fix Pack 4 (5.3.0.4)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.4 | 20 September 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM33010 | R#39666 | Change behavior of product regarding technote 1420147: Associated tasks are not visible in Change Request form |
| N/A | R#41039 | More than one user count for the same user is shown on a database on the admin home page |
| N/A | R#41044 | User count on database drops to 0 |
| PM48131 | R#41379 | Change should support ordered list of license servers in license_data.txt |
| PM48167 | R#41386 | Excel Report adds new rows before and after indented text |
| N/A | R#41725 | Change help - file not found error |
| N/A | R#41807 | RC 5.3.0.2 ifix001: "HTTP status 404 -" displayed in place of IBM logo on helpserver |
| PM55315 | R#42129 | Provide valid error message when userid is locked |
| N/A | R#42547 | Document about creating attribute named relatedChangeRequest for backlinks to work between RTC & Change. |
| N/A | R#42638 | Documentation update needed for server rename in OSLC integrations. |
| PM62337 | R#42777 | Attachments in a Read Only CR are not displayed. |
| N/A | R#42783 | Shared preference cache should create the *.js/*.gz files. |
| N/A | R#42821 | PSIRT Advisory - Vulnerabilities in IBM Eclipse Help System |
| PM62968 | R#42822 | Problems setting attribute value using Python scripting |
| N/A | R#42868 | Getting “Problem accessing /supraja/adminFormLoader.do.” on clicking Trends in the Home of the Admin Interface. |
| N/A | R#42915 | Update RDS Client libraries to support Metagroup functionality |
| PM64395 | R#42948 | Up and down arrows to sort listbox values are missing in fix pack 5.3.0.3 |
| N/A | R#42991 | ‘Help’ option missing on ‘Manage Folder Security’ dialog. |
| N/A | R#43017 | Duplicate database IDs have been observed in OSLC interface |
| N/A | R#43023 | Message “Successfully changed user privileges” is shown when the changes were not successfully saved |
| N/A | R#43061 | DOORS module will be opened in read-only mode if another Synergy database is disabled. |
| PM65747 | R#43078 | Regression in attachment attribute “Allow Viewing of Associated Objects Only” |
| PM66049 | R#43092 | Process merge stripping off the PRE_TRIGGER and PRE_RELATION_TRIGGER_TYPE |
| N/A | R#43148 | Synchronization server reports ‘userDisplayName is null’ while fetching the transition logs from change. |
| N/A | R#43150 | The ‘New’ and ‘Add’ links for the Associated Tasks control require the crstatus attribute on the dialog |
| N/A | R#43152 | Have Ajax capability to in-line reports. |
| N/A | R#43154 | BSF trigger on a boolean attribute returns ‘null’ instead of “false” or “true” |
| N/A | R#43155 | Enforcing ACLs while sending CR information via subscription notification causes unnecessary user sessions |
| N/A | R#43156 | Defects in licensing code. |
| N/A | R#43208 | Document upgrading Change on Jetty 8.1.3. |
| PM68494 | R#43248 | Removing a role for a user is not reflected in the Report tab |
| N/A | R#43230 | Update the release value to 5.3.0.4 |
| N/A | R#43331 | Add a web service API in Change to return OSLC urls for Change Requests |
| N/A | R#43332 | Add a web service API to return OSLC urls to tasks associated with the CR |
| PM69643 | R#43339 | Reporting issues for Global Assignment for group “Everyone” in Rational Change |
| N/A | R#43427 | Login fails if User name space has space in it |
| PM70687 | R#43428 | Debug message displayed in event log |
| N/A | R#43300 | JSP violation for certain tomcat versions in change. |
| PM69384 | R#43310 | Coding issue in home_page_nav.jsp |
| N/A | R#43465 | Allow removing of a link added to a OSLC_LINK type attribute |
| N/A | R#43476 | Update Change 5.3.0.4 Japanese and Chinese language packs. |
| N/A | R#43493 | Remove link for OSLC_LINK attributes is not working properly for RQM links |
| N/A | R#43502 | User Locked out message dialog is empty |
| N/A | R#43580 | Associated tasks for the Change Request are not displayed if multiple remote servers are associated to a central server |

Interim Fix 1 (5.3.0.3_iFix001)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.3_iFix001 | 17 May 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#42080 | Need to support server rename for June 2012 (CLM 2012 date) |
| N/A | R#42546 | Cannot link RTC artifacts using “relatedChangeRequests” attribute of OSLC_LINK web type |
| PM62061 | R#42756 | Cross-Site Scripting security vulnerability |

Fix Pack 3 (5.3.0.3)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.3 | 15 March 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#36888 | OSLC prefilled submit dialogs truncate html chars |
| PM47125 | R#41250 | Error re-indexing indices in Rational Change |
| N/A | R#41284 | Cookies to support SSL in Rational Change 5.2 |
| PM47491 | R#41304 | Line feeds not preserved if webtype differs at CRProcess and lifecycle levels |
| N/A | R#41322 | Not able to see attachments when project security is on. |
| N/A | R#41377 | Unable to start Change session where RDS user name differs in case to database user name |
| N/A | R#41519 | Error while executing perl API CreateCSObject |
| N/A | R#41546 | CCM_RELATION Child cannot be created |
| PM50700 | R#41709 | Installation of 5.3.0.2 fails when the URL context is removed. To apply this fix, take backups of properties directory from the rc5.3.0.3 patch object and CHANGE_APP_HOME. Delete it from the rc5.3.0.3 patch object before installing it. After installing the patch, manually copy the properties directory from the patch backed area to CHANGE_APP_HOME. While uninstalling rc5.3.0.3 patch, manually delete ‘Rational_Change.5.3.FP0.3.fxtag’ file from CHANGE_APP_HOME/properties/version directory and add the previously backed up file from CHANGE_APP_HOME to CHANGE_APP_HOME/properties/version directory. |
| N/A | R#41922 | Error “Session Pool Balancer” with Change |
| N/A | R#41925 | Change-RTC sync fails if one of the mapped attributes is of type "time". |
| N/A | R#41931 | Fatal Rational Change Servlet Error |
| N/A | R#41968 | The comments field are not being updated from QC to CS after performing the ‘Sync’ operation. |
| PM53310 | R#41997 | Fatal error submitting CR where webtype differs between CRProcess and Submit dialog |
| PM53410 | R#42006 | Perl script: Task query directed at remote server but attempts to run on central server |
| PM53767 | R#42024 | PTDataListBox inconsistency when there are no favorite users |
| PM54685 | R#42098 | transition_log misalignment in section |
| N/A | R#42100 | Task is always created if default value for _CREATE_TASK is set in transition dialog |
| N/A | R#42102 | OSLC DB GUID changes when installing process package. |
| PM55556 | R#42148 | mirrored attribute values UI inconsistency |
| PM55562 | R#42149 | Rational Change 5.2: Unable to view email id of the user in the subscription list |
| N/A | R#42163 | No results returned on developer privilege under ‘Report on users by privilege’ |
| PM56292 | R#42204 | DOORS Change Integration Performance Downgrade Caused By Large RDS Group |
| PM56728 | R#42233 | Fix pack 5.3.0.2 breaks the ability to ‘Simple Process View’ diagram |
| N/A | R#42298 | Document new feature - OSLC |
| PM58286 | R#42358 | Queuing parallel backend requests messages appearing in event.log |
| N/A | R#42384 | Translate Change 5.3.0.3 |
| N/A | R#42402 | Add OSLC consumer behaviour to Change 5.3 |
| N/A | R#42454 | Cookie is not getting set properly when accessing Change with url having hostname instead of ipaddress |
| PM59661 | R#42296 | Find users by privilege does not work as expected |

Interim Fix 2 (5.3.0.2_iFix002)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.2_iFix002 | 30 January 2012 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM53296 | R#41995 | Jetty crashes with URE under various circumstances |

Interim Fix 1 (5.3.0.2_iFix001)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.2_iFix001 | 15 November 2011 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM27334 | R#38715 | Document defects about Japanese Change Perl API |
| PM32155 | R#39508 | "br / " appears when Japanese_Localization is installed |
| N/A | R#41388 | Translate Change 5.3.0.2 in Japanese and Chinese. |

Fix Pack 2 (5.3.0.2)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.2 | 15 September 2011 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM25917 | R#38496 | CR link does not change color when clicked |
| N/A | R#39347 | Able to bulk transition (dialog less) CRs on which required attribute is not set. |
| PM31774 | R#39452 | CCM_READONLY field is corrupted when the field’s Web Type in the previous state is CCM_EXTENDED_TEXT |
| PM32377 | R#39545 | Downloads with web service slower than with browser. (This fix needs manual steps. Please refer to Installation instructions document.) The new web service API added is ‘getAttachmentLink’ which returns a link to the attachment for downloading. The attachment must exist and be readable by the calling user, otherwise returns an error. This API accepts token and attachment ID (can be obtained from ‘listAttachments’ API). |
| N/A | R#40036 | OSLC log in doesn’t work right with database ‘admin’ user |
| PM36916 | R#40318 | When an attribute named ‘action’ exists, it is not possible to edit and save a CR in Internet Explorer 8 |
| PM37980 | R#40442 | White gaps are visible in the colored areas on transition forms using the ECP process (This fix is in ECP_process_1.xml. Generate the process package from ECP_process_1.xml and install for this change to take effect.) |
| N/A | R#40486 | [RDS 5675]Project data is not getting saved when Change is connected to RDS 5.2.0.1 Tivoli |
| PM39704 | R#40566 | Copy / paste CCM_EXTENDED_TEXT attribute value from one CR to another creates new cells in the attribute and in Excel reports. |
| PM41034 | R#40684 | ECP_Process package: The attribute “modifiable_in” shouldn’t be read-only in transition “analysed2in_analysis” (This fix is in ECP_process_1.xml. Generate the process package from ECP_process_1.xml and install for this change to take effect.) |
| N/A | R#40762 | “Rational_Change.5.3.FP0.1.fxtag” file is not getting copied to the appropriate directory (This fix needs manual steps. Please refer to Installation instructions document.) |
| PM42279 | R#40787 | Mirrored Attributes show attribute values multiple times |
| PM42603 | R#40815 | Formatting problems with columns and sub-reports |
| N/A | R#40841 | Change 5.3.0.2 should point to new JDK (JRE): IBM JDK 1.6.0 SR9 FP1 |
| PM42998 | R#40856 | When a parent listbox value has a trailing space, sublistbox values are not displayed |
| N/A | R#40864 | OSLC error looking up comments |
| N/A | R#40875 | Unhandled exception / Segmentation error at Change startup |
| N/A | R#40876 | 5.3.0.1: Impossible to submit CRs with Extended Text through web services. |
| N/A | R#40892 | Not all exceptions are converted to compatible exceptions at central server when thrown from remote server |
| N/A | R#40896 | Change-SA OSLC integration: Recent list not getting updated |
| PM43562 | R#40901 | DRS/Change: Unable to view Associated RC Link |
| N/A | R#40942 | Active Users in Status Summary shows too many active users. |
| N/A | R#40949 | Not able to insert image to “ccm_extended_text” attribute |
| N/A | R#40976 | Receiving “Failed to modify object” message when attempting transition. (This fix requires regeneration and reinstallation of your process package) |
| N/A | R#40988 | Error “400 URL must be absolute” when running fixTdsForMigration.pl |
| N/A | R#41004 | Change 5.3.0.2 does not copy ChangeService.wsdl file to the appropriate location (This fix needs manual steps. Please refer to Installation instructions document.) |
| N/A | R#41041 | Update to Perl’s apiHelp.html |
| N/A | R#41056 | Update the Perl API Help doc to have latest Synergy terms. |
| N/A | R#41072 | Outdated search index can cause HTTP 500 error when sorting search results. |
| PM45774 | R#41107 | Change 5.3.0.1: listbox BSF scripts are now only executed at application startup or at configuration reload (This fix needs update to pt.cfg. Add the below line to the end of pt.cfg file: [CCM_SYSTEM][CACHE_EXTERNAL_LISTBOX_VALUES]“actual_value”[/CACHE_EXTERNAL_LISTBOX_VALUES][/CCM_SYSTEM] and replace “actual_value” with either “true” or “false” as needed.) |
| N/A | R#41139 | Update RDS client libraries to RDS 5.1.1 Apache iFix04. |
| N/A | R#41159 | Change 5.3.0.2 build 884: Process help is not rendered completely. |
| PM46317 | R#41167 | Slow JDBC-based indexing in RC 5.3 |
| N/A | R#41243 | Checkin new RDS client libraries |
| N/A | R#41248 | Too many “getControlType: Invalid Control Type: -1” messages seen in event.log |
| N/A | R#41273 | Log messages indicating the status of optimization is missing in 5.3 |
| N/A | R#41324 | Change 5.3.0.2 (Build 889) - Creating package using ‘doors_oslc_process10.xml’ process displays ‘Fatal Rational Change Servlet Error’ |

The following corrections, while not part of the Fix Pack proper, were made to the Information Center:

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM22845 | R#37899 | Listbox Manager tab documentation error |

Fix Pack 1 (5.3.0.1)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3.0.1 | 16 June 2011 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PM05100 | R#35043 | Filenames that contain characters with an umlaut do not download correctly |
| PM28738 | R#38948 | Alias column is missing from optional and required attribute tables in the CR process help |
| PM29474, PM27970 | R#39050 | Error in IE when creating a child CR with description set as a preference attribute |
| PM29704 | R#39079 | The script set_attribute.js set on a relation attribute doesn’t recognize the current CR |
| PM33482 | R#39716 | Incorrect format if System and Shared reports have duplicate names |
| N/A | R#39848 | CR migrate to central database fails |
| PM34367, PM34142 | R#39882 | “webType” property does not give real web type in JSP reports |
| N/A | R#40037 | Printer-Friendly View not showing attachments |
| N/A | R#40528 | Queries and reports with ‘<’ or ‘>’ in their names fail |
| N/A | R#40673 | Change and System Architect OSLC integration: Unable to link diagrams/definitions when user creates new artifacts in Change |
| N/A | R#40677 | Adding RTC friend server though Change fails while parsing root services document |

The following corrections, while not part of the Fix Pack proper, were made to the Knowledge Center:

| APAR | Internal ID | Description |
| --- | --- | --- |
| N/A | R#32492 | Auto-installation of cs_reports when installing a process package is not documented |
| N/A | R#36510 | Document how to change the password or unlock the account of the local admin user |
| N/A | R#40446 | Help information for configuration of change to work in https is incorrect |

Initial Release (5.3)

| Link | Date Released | Status |
| --- | --- | --- |
| Download 5.3 | 05 May 2011 | Superseded |

| APAR | Internal ID | Description |
| --- | --- | --- |
| PK84226 | R#32602 | Document that you cannot remove a central database once it has been assigned to a server. |
| PK85812 | R#32953 | Installation without a database path continues without error. |
| PK98875 | R#33036 | Running the CMMI Matrix Report format with certain process packages may result in an error. |
| PM01046 | R#33308 | HTTP error appears upon clicking the BasicTemplate link on the Perl API page. |
| PK92519 | R#33638 | Not all end-states are taken into account for parent/child check. |
| PK92530 | R#33639 | Notification trigger in ECP process should use the concluded_id attribute, not concluder. |
| PM01779 | R#34693 | Capitalized attribute names are not searchable from Advanced Search menu. |
| PM05468 | R#35080 | Security rules for the ‘caused_during’ attribute are inconsistent in Change ECP process. |
| PM06913 | R#35279 | Specifying an ‘&’ (ampersand) in a password for the local admin user during installation does not work. |
| PM06916 | R#35281 | Synergy backend sessions do not start when the password contains an ampersand directly after installing Change. |
| PM07277 | R#35335 | Some attributes are displayed twice in the bulk modify window. |
| PM13100 | R#36222 | Bulk transitions should respect required attributes of the FROM state show dialog. |
| PM13101 | R#36223 | Don’t show a transition dialog for dialogless transitions during a bulk transition. |
| PM15426 | R#36572 | Unable to transition RCR to rejected state. |
| PM19464 | R#37308 | Status field containing Japanese characters is wrapped on an inline report. |
| PM26782 | R#38589 | Reference to lifecycle attribute in Admin Guide is obsolete. |
| PM27400 | R#38727 | Inability to align attributes to the left in sections. |
| PM27411 | R#38728 | Naming a state “Admin” crashes the Administration tab. |

Table of Contents:
5.3.1 Fix Pack 2
5.3.1.1 Interim Fix 14
5.3.1.1 Interim Fix 13
5.3.1.1 Interim Fix 12
5.3.1.1 Interim Fix 11
5.3.1.1 Interim Fix 10
5.3.1.1 Interim Fix 9
5.3.1.1 Interim Fix 8
5.3.1.1 Interim Fix 7
5.3.1.1 Interim Fix 6
5.3.1.1 Interim Fix 5
5.3.1.1 Interim Fix 4
5.3.1.1 Interim Fix 3
5.3.1.1 Interim Fix 2
5.3.1.1 Interim Fix 1
5.3.1 Fix Pack 1
5.3.1 Fix Pack 2
Link
Date Released
Status
Download 5.3.1.2
29 March 2018
Current
APAR
Internal ID
Description
PI88115
R#47235
RATIONAL CHANGE LIFECYCLE EDITOR BECOMES UNUSABLE AFTER ATTEMPTING TO SET A TRANSITION TO BE THE PRIMARY TRANSITION
PI93499
R#47286
USER HOME PAGES DISAPPEAR FROM RATIONAL CHANGE USER INTERFACE AFTER 5.3.1.1 IFIX 14 APPLIED
Interim Fix 14 (5.3.1.1_iFix014)
Link
Date Released
Status
Download 5.3.1.1_iFix014
21 December 2017
Superseded
APAR
Internal ID
Description
PI89730
R#47250
IN RATIONAL CHANGE ADMIN INTERFACE IN CURRENT SYSTEM LOAD SECTION THE INDIVIDUAL SESSIONS ARE NOT DISPLAYED
Interim Fix 13 (5.3.1.1_iFix013)
Link
Date Released
Status
Download 5.3.1.1_iFix013
18 September 2017
Superseded
APAR
Internal ID
Description
PI84718
R#47206
NON ADMIN USER SHOWN AS ADMIN UNDER STATUS SUMMARY TAB OF RATIONAL CHANGE
PI83972
R#47207
RUNNING AN MS EXCEL REPORT IN RATIONAL CHANGE ADDS NEW CELLS BEFORE AND AFTER INDENTED TEXT OR TEXT WITH OTHER FORMATTING STYLE.
Interim Fix 12 (5.3.1.1_iFix012)
Link
Date Released
Status
Download 5.3.1.1_iFix012
18 May 2017
Superseded
APAR
Internal ID
Description
PI79180
R#47184
UNABLE TO ENTER INTEGER VALUE FOR AN ATTRIBUTE WITH WEBTYPE “CCM _NUMBER” AND DBTYPE “INTEGER” IN “DOORS_OSLC_PROCESS_10” PACKAGE
PI79946
R#47189
IMPORTING TEXT INTO A RATIONAL CHANGE CCM_EXTENDED_TEXT ATTRIBUTE USING THE CHANGE PERL API STRIPS THE TEXT OF ITS FORMATTING
Interim Fix 11 (5.3.1.1_iFix011)
Link
Date Released
Status
Download 5.3.1.1_iFix011
16 Mar 2017
Superseded
APAR
Internal ID
Description
N/A
R#46974
Add support to Java web start.
PI75315
R#47157
OSLC PUT REQUEST FAILS TO UPDATE ATTRIBUTES OF TYPE CCM_TEXT
PI77577
R#47166
MESSAGE “GETEOLCHAR: BROWSER OS NOT LISTED:AGENTNAME/0.1LIBWWW-PERL/5.803” REPORTED IN THE EVENT.LOG
N/A
R#47170
Attaching a CR is allowed through the web service API even if the CR is in a closed state.
Interim Fix 10 (5.3.1.1_iFix010)
Link
Date Released
Status
Download 5.3.1.1_iFix010
20 Dec 2016
Superseded
APAR
Internal ID
Description
PI70208
R#47115
ADDING A LINK TO A CHANGE CR IN DOORS NEXT GENERATION FAILS WITH CRRRW7255E.
PI70921
R#47126
SEARCH ON USER ACTION PANEL DOES NOT ALWAYS RETURN EXPECTED RESULTS
Interim Fix 9 (5.3.1.1_iFix009)
Link
Date Released
Status
Download 5.3.1.1_iFix009
15 Oct 2016
Superseded
APAR
Internal ID
Description
N/A
R#47116
Certificate used to sign applet jar is revoked.
Interim Fix 8 (5.3.1.1_iFix008)
Link
Date Released
Status
Download 5.3.1.1_iFix008
22 Sep 2016
Superseded
APAR
Internal ID
Description
PI58971
R#47007
DELETING A RATIONAL DOORS TO CHANGE OSLC LINK IN DOORS DOES NOT DELETE THE IMPLEMENTSREQUIREMENT LINK IN CHANGE
PI61595
R#47044
RATIONAL CHANGE PERL API TRIGGERS NOT WORKING WITH TLSV1.2
PI63884
R#47064
CREATE/ADD A CR FROM A REQUIREMENT IN DNG FAILS WITH “CRCHG1378E UNKNOWN DIALOG”
N/A
R#47072
Workaround to the escalation 50815: Avoid storing shared preferences data in RDS and use local cache to store them.
PI67435
R#47094
USING SECURE PORT AND META-GROUPS DOES NOT WORK IN CHANGE 5.3.1
PI67880
R#47100
USER NAME IS NOT SHOWN WHEN E-SIGNATURE IS DISPLAYED.
N/A
R#47102
For locked users in RDS, the message needs to be changed in the Change interface.
Interim Fix 7 (5.3.1.1_iFix007)
Link
Date Released
Status
Download 5.3.1.1_iFix007
23 June 2016
Superseded
APAR
Internal ID
Description
PI62455
R#47049
MATRIX REPORT FAILS WITH A LARGE NUMBER OF CRS
PI62212
R#47047
SETTING REPORT_PROGRESS_INFO TO TRUE BREAKS MATRIX FORMATTED REPORTS
PI62676
R#47053
RTF FILE IS CORRUPT- IN RTF REPORTS AFTER APPLYING IFIXS 05 AND 06 SEE ESC 50376
PI62789
R#47054
RATIONAL CHANGE 5.3.1 REPORT FORMATS USING LISTBOX SORT TYPE NOT SORTED FOR EXTERNAL LISTBOX
PI58942
R#47006
USERS ARE NOT NOTIFIED BY AN EMAIL WHEN THEY ARE ASSIGNED AS THE EVALUATOR OF A CR.
PI60392
R#47031
SET_ATTRIBUTE.JS POST-TRANSITION TRIGGER FAILS IN ECP PROCESS
PI53557
R#46942
ADDING SERVER NAME TO COMPATIBILITY VIEW IN INTERNET EXPLORER 11 SHOULD NOT BE REQUIRED.
PI61102
R#47037
NOTIFICATION EMAILS ARE NOT SENT BY TRANSITION_NOTICE.PL WHEN CURRENT USER IS THE RESOLVER
PI61374
R#47041
MODIFICATION OF THE VALUE OF A TASK CUSTOM BOOLEAN ATTRIBUTE STILL DOES NOT WORK.
PI63201
R#47057
RATIONAL CHANGE 5.3.1.1 IFIX 06 IS NOT TERMINATING THREADS STARTED BY A TRIGGER PROCESS
PI62416
R#47048
DOCUMENTATION ABOUT THE XMX IN RATIONAL CHANGE 5.3.1 IS NOT UP TO DATE
PI62675
R#47052
ADDING A ‘NEW IMPLEMENTED BY’ LINK IN A RATIONAL DOORS OBJECT TO A RATIONAL CHANGE CR FAILS
Interim Fix 6 (5.3.1.1_iFix006)
Link
Date Released
Status
Download 5.3.1.1_iFix006
23 March 2016
Superseded
APAR
Internal ID
Description
PI53499
R#46937
“INSERT NAME AND TIMESTAMP” FEATURE IN ECP PROCESS FAILS WITH INTERNET EXPLORER 11
PI53500
R#46938
“SAVING CHANGE REQUEST PROCESS” DIALOG LOADS ENDLESSLY FOR ECP_PROCESS.XML IN IE 11
PI53500
R#46945
THE CREATEOBJECTATTRIBUTES FUNCTION IN THE CHANGE PERL API DOES NOT WORK
PI56613
R#46989
REPORTS WITH RTF FORMAT ONLY DISPLAYS THE RTF CODE IN MS WORD.
PI54410
R#46954
A LENGTHY ERROR MESSAGE RETURNED FROM A PERL TRIGGER SCRIPT CAN CAUSE RATIONAL CHANGE TRANSITION TO HANG
PI56883
R#46994
EFFORT PROGRESS BAR NOT DISPLAYING CORRECTLY FOR A CR
PI57414
R#46999
ADDING A PREVIOUSLY DELETED IMPLEMENTED BY LINK ADDS A SECOND BACKLINK IN THE SAME IBM RATIONAL CHANGE CR
Interim Fix 5 (5.3.1.1_iFix005)
Link
Date Released
Status
Download 5.3.1.1_iFix005
10 December 2015
Superseded
APAR
Internal ID
Description
PI42625
R#46781
SECTIONAL PAGE NAVIGATION NOT BEHAVING AS EXPECTED
PI47531
R#46854
CUSTOM BOOLEAN TASK ATTRIBUTE NOT HANDLED PROPERLY WITH THE TRIGGER CREATE_ASSOCIATED_TASK.JS
N/A
R#46905
SHARED REPORT IMMEDIATELY EXECUTION, “A SERVER ERROR HAS OCCURRED”
PI52614
R#46922
THE STATE OF A CHANGE DATABASE CHANGES AFTER A RESTART OF RATIONAL CHANGE
Interim Fix 4 (5.3.1.1_iFix004)
Link
Date Released
Status
Download 5.3.1.1_iFix004
23 September 2015
Superseded
APAR
Internal ID
Description
N/A
R#46319
Report Format Display when ‘run immediately’ does not use defined formatting
N/A
R#46612
Subscriber full name replaced by user login in Edit CR Subscription List dialog
N/A
R#46627
Submitters name not showing up using annotated text via email URL to access CR
N/A
R#46704
Wrong config key is used while showing external list box values in Queries tab
N/A
R#46774
JSON file parsing issue in Dynamic required attributes feature.
N/A
R#46833
[5311-04]: NPE observed while editing the report in homepage.
PI36465
R#46554
PreferenceNameSubstitutionForAllUsers deletes old preferences if a new preference already exists
PI37180
R#46575
transition_notice.pl needs to be tweaked to handle all email configurations properly
PI37285
R#46582
Particular user is unable to access CRs after saving a favorite user
PI38761
R#46624
Bulk transitions fail when one or more related CRs are not in required state
PI39242
R#46636
CCM_DATE attribute is missing the SUB_ATTR_ prefix resp. suffix
PI40716
R#46696
Obsolete http setup instructions in Rational Change 5.3.1.1 Knowledgecenter
PI41439
R#46731
Rational Change groups page error “com.telelogic.tds.engine.ldap.jndi.TDSUser incompatible …”
PI42230
R#46782
SUBMIT FORM FOR CR NOT AUTOPOPULATING USER DATA FROM RDS DATABASE AS EXPECTED
PI43688
R#46765
EXTERNAL LISTBOX SCRIPT BASELINEINFO.JS FAILS
PI44179
R#46771
THE ‘WHAT TASKS ARE NOT IN THE LATEST BUILD?’ QUERY BROKEN IN RATIONAL CHANGE 5.3 AND 5.3.1
PI44230
R#46783
IBM KNOWLEDGE CENTER DOCUMENTATION ON CONFIGURING CHANGE FOR SSH/TLS IS INCORRECT AND OUTDATED
PI44586
R#46784
PERL API CONFUSES THE ACTIONS OF TWO PARALLEL RUNNING OPERATIONS
PI44662
R#46785
BASELINEINFO.JS DOES NOT REPORT ANY RELEASE FOR THE TARGET_RELEASE IN THE ECP PACKAGE WITH CHANGE 5.3…1.1.IFIX03
PI45701
R#46779
CANNOT CREATE MULTIPLE IMPLEMENTED BY LINKS TO CR IN RATIONAL CHANGE
PI47024
R#46845
CORPORATE USERS NOT ABLE TO LOGIN TO CHANGE ADMIN INTERFACE WITH ACTIVE “DYNAMIC PRIVILEGES WITH PROJECT SECURITY” FEATURE
Interim Fix 3 (5.3.1.1_iFix003)
Link
Date Released
Status
Download 5.3.1.1_iFix003
26 March 2015
Superseded
APAR
Internal ID
Description
N/A
R#40772
Ability to use password resource file in login CSAPI function to avoid unencrypted passwords in files
N/A
R#45890
IE 11 Compatible mode - back button of browser of IE11 does not work as intended
N/A
R#46012
Home page browsable queries are not working in IE 11 compatibility mode
N/A
R#46261
Browse query fails
N/A
R#46304
submission of a CR results in error ‘unknown attribute type’
N/A
R#46305
Unable to redefine Query limits for reports with Block Reports
N/A
R#46335
Entering a comment with …/ will cause entry to be ignored by IBM Rational Change when saving CR
PI29136
R#46347
Upper-case AD username and lower-case Change username issues
N/A
R#46390
ldap.user_group_refresh_interval_mins=0 is ignored
N/A
R#46433
Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report
PI33297
R#46468
Rational Change Query Issue:Failed to convert user
PI33391
R#46472
Cookie not cleared upon logout using Change
N/A
R#46490
Pagination in relational report option fails when using “immediately run report” option
PI34624
R#46500
Change configured with https fails to open Synergy dialogs
PI34899
R#46510
After upgrade displaying a CR reports ParseWsletBuffer WsletException
N/A
R#46526
Rational Change 5.3.1.1 Word Block reports display special characters (Umlauts) incorrectly
Interim Fix 2 (5.3.1.1_iFix002)
Link
Date Released
Status
Download 5.3.1.1_iFix002
19 August 2014
Superseded
APAR
Internal ID
Description
N/A
R#46084
Critical Security Vulnerability in RDS Client library. Review Security Bulletin: Critical Security Vulnerability in RDS Client library affecting Rational Change (CVE-2014-3089) for details.
PI21781
R#46104
Certain character patterns cause text fields to appear blank after submission
PI21826
R#46106
CCM_DATE control in Rational Change 5.3.1.1 ifix 001 broken
N/A
R#46150
Change login works with wrong case username
PI23450
R#46153
unable to set default value on submission dialog for attribute
PI20491
R#46043
Change 5.3.1 vulnerable to ‘clickjacking’
Interim Fix 1 (5.3.1.1_iFix001)
Link
Date Released
Status
Download 5.3.1.1_iFix001
26 June 2014
Superseded
APAR
Internal ID
Description
N/A
R#45793
Add security tech notes link to “Security Considerations” in Change help.
PI15623
R#45876
Running an MS Excel report in Rational Change adds new cells before and after indented text
PI15714
R#45880
Changing Java maximum heap size for Jetty on Unix incorrectly documented
N/A
R#45886
mirrored_attribute of type time does not use the format of CCM_DATE attribute
PI16257
R#45901
Homepages with (German) umlaut characters do not display correctly
PI16933
R#45924
Bad warning when modifying CCM_EXTENDED_TEXT webtype in Lifecycle Editor
N/A
R#45940
Saving process .xml hangs due to validation.js file
PI17595
R#45947
ECP_MULTISELECT Inherit problem
N/A
R#45952
Calendar widget not displaying correctly in Change 5.3.1.1
PI18914
R#45993
Backlinks not created from test execution record in RQM to Rational Change using OSLC
PI19937
R#46031
Password Field with Autocomplete Enabled
Fix Pack 1 (5.3.1.1)
Link
Date Released
Status
Download 5.3.1.1
27 March 2014
Superseded
APAR
Internal ID
Description
N/A
R#45489
Rational Change shows warning “This application will be blocked in a future Java security update …”
N/A
R#45491
Ok to “Discard Edit” does not remove the unsaved modification when a task is also created
PI08627
R#45539
Rational Change install log “Failed to execute registry command, cannot read or write to registry” warning
PI08690
R#45543
Generating a process package using IBM Rational Change floods event.log with PTGenerate: Invalid Action errors
N/A
R#45566
Missing Token Error in Change event log
PI10195
R#45609
OSLC URL “https://[Server]/change/oslc/db/[DB]/role/User/shape/change_request” is failing to return data
N/A
R#45633
Certificate used to digitally sign applet expires in March 2014
N/A
R#45649
Embedded URL within email may not be accessible to recipient.
PI11355
R#45653
Running an IBM Rational Change advanced search fails and returns an error in MS Internet Explorer
N/A
R#45673
Security issues reported by AppScan on scanning 5.3.1.1
PI11679
R#45674
Rational Change users get the Rational Change login screen for every MS Excel report hyperlink they select
PI13933
R#45812
CHANGE_HOME/jetty/bin/jetty.sh is missing the line JETTY_RUN=$JETTY_HOME
Mod Pack 1 (5.3.1)
Link
Date Released
Status
Download 5.3.1
21 November 2013
Superseded
APAR
Internal ID
Description
PM43215
R#40868
Installing Change fails with error: Failed to copy integrations directory to Change run area.
PM62150
R#42763
Value of NULL shows up in label below chart in Trend Analysis with Value breakdown graph
PM64888
R#43014
Problems setting value for ‘purpose’ listbox attribute
PM66266
R#43106
Should be able to display whitespace in readonly text fields on show forms
PM70692
R#43429
Error message “CRCHG0956E Cannot identify listbox priority.” when clicking task
PM73590
R#43658
Logging of OS in Console Mode crashes the Change Service
PM75068
R#43704
REPORT_LINKS_USE_TOKEN should be removed from all controls
PM75217
R#43755
Behavior of ‘Delete’ for Attachments is incorrect when Read-Write security is enabled
PM84635
R#44302
Select and Copy is not available for ‘Home Page’ reports.
PM95358
R#44995
User required to login to popup dialogs when switching databases
N/A
R#40505
Unable to do number comparisons in Change Query dialog
N/A
R#43800
As a Change administrator I want to configure dynamically required attribute on Change server
N/A
R#43857
As a Change user I want DRA rules to be applied on various forms in Change like Show, Submit and Transition forms
N/A
R#44037
As a Change Administrator, I want DRA rules to map to specific lifecycle / CR process while enforcing DRA rules for a user
N/A
R#44478
Documentation: Dynamic required attributes
N/A
R#43138
Dojo Framework outdated
N/A
R#44300
IE10 Support for Change/Synergy
N/A
R#44829
Allow homepages to be database specific
N/A
R#44842
Mechanism to allow a user to select specific home page reports to run on load of the home page
N/A
R#42410
OPC: Documentation needed for Change installation in secure environments
N/A
R#42412
OPC - Documentation is vague and should be expanded on security rules for lifecycle customization.
N/A
R#43816
A Query With No Matches Does Not Need to Display the Query Text
N/A
R#33076
Bundle Jetty 8.1.3 with the Change installer
N/A
R#44117
Remove tokens from URLs used in internal action links
N/A
R#45223
Upgrade the RCL client libraries to 8.1.3.3 version for all platforms
N/A
R#44531
(UTF-8) Japanese name query/format is unable to be set as home page.
N/A
R#44930
The crAssignEmail.pl hangs if there is no reference to resolver in LDAP
N/A
R#45005
Translate Change 5.3.1 in Japanese and Chinese
N/A
R#45008
modifyObjectattribute API does not log the info to transition log
N/A
R#45237
When Change consumes RTC OSLC services, backlink on RTC does not get created
N/A
R#31132
Chart Legends show ellipsis (…) even if it is not desired
N/A
R#31281
Database name shown as null on trends chart
N/A
R#40897
Change-SA OSLC integration: Description field is readonly in Submit CR dialog
N/A
R#41684
Problems with Installer dialog in both languages.
N/A
R#43641
OSLC state predicates are not defined for dev_process
N/A
R#43730
RRC fails to allow users to update “Desc” field while CREATING a “Rational Change” artifact thru link type “Implemented By” and "Tracked By". This function blocks SAVE operation.
N/A
R#44075
Transition to new cryptographic standards is required for SWG products - by 2013
N/A
R#44215
OSLC Picker for Rational Change inserts %20 instead of spaces
N/A
R#44406
Session Sharing implementation in Rational Change
N/A
R#44441
Security considerations - Change IC topic
N/A
R#44520
Change Trigger API object is not available for external listbox.
N/A
R#44650
Maintain unique attachment names
N/A
R#44651
Check-in “RDS_Tivoli_521_ifix01” client libraries.
N/A
R#44665
R#44075: Change the encryption algorithm from PBEWithMD5AndDES to AES
N/A
R#44715
R#44075: Enable TLS 1.2 and be prepared to disable protocols less than TLS 1.2
N/A
R#44758
Merge ECP_process_1.xml with ECP_process.xml
N/A
R#44970
Matrix report is missing the part of the attribute name surrounded by the brackets
N/A
R#45010
Queries with ‘<’ or ‘>’ in their names fail
N/A
R#45037
RDF generated for Change OSLC has invalid value for rdf:Id
N/A
R#45039
Associated tasks limit does not warn any longer when limit is exceeded.
N/A
R#45043
No results returned when querying tracksChangeSet through OSLC on a stand alone Change server
N/A
R#45091
Make RDF generated by Change valid.
N/A
R#45344
Documentation updates required for Change, Synergy and Integrations.
N/A
R#45074
PreTVT:Chinese characters in installation panel are not clear enough to read
N/A
R#45172
ModifyObjectAttributes api has missing ; in the stated example
N/A
R#45389
Sign applet jar with timestamp.
Table of Contents:
5.3.2 Fix Pack 5
5.3.2.4 Interim Fix 01
5.3.2 Fix Pack 4
5.3.2 Fix Pack 3
5.3.2 Fix Pack 2
5.3.2.1 Interim Fix 01
5.3.2 Fix Pack 1
5.3 Mod Pack 2
5.3.2 Fix Pack 5
Link
Date Released
Status
Download 5.3.2.5
30 September 2022
Current
APAR
Internal ID
Description
PH43246
R#47631
RATIONAL CHANGE USER INTERFACE SHOWS ‘HTTP ERROR 500’ WHEN DEFAULT HOME PAGE IS SELECTED
PH43875
R#47644
RATIONAL CHANGE 5.3.2 PROCESS PACKAGE UNINSTALLATION FAILS ON WINDOWS 2016
PH33172
R#47642
LOGGING INTO RATIONAL CHANGE USING A DATABASE THAT HAS A SPACE IN ITS LABEL RESULTS IN HTTP ERROR 500
PH09743
R#47638
THE ‘INSERT NAME AND TIMESTAMP’ BUTTON IN RATIONAL CHANGE ECP ENTERS DATA TO WRONG LOCATION WHEN USING INTERNET EXPLORER 11
PH14268
R#47641
CCM_DATE FIELD IS INCORRECTLY UPDATED BY HITTING ENTER KEY IN AN IRRELEVANT TEXT FIELD
PH17391
R#47643
INSTALLING A REPOR 5.3.1 REPORT BUILDER FAILS WITH ERROR CRCHG0559ET FROM BASIC_SUMMARY.XML IN RATIONAL CHANGE
PH30617
R#47645
ANY PRIVILEGE ADDED TO ECP_PROCESS WILL NOT BE AVAILABLE UNDER RATIONAL CHANGE USER MANAGEMENT
PI99783
NA
RATIONAL CHANGE “APPLICATION BLOCKED BY JAVA SECURITY” MESSAGE IN RATIONAL CHANGE 5.3.1.2
PH45454
R#47635
RATIONAL CHANGE 5.3.2.3 MULTI-LINE TEXT IN A DBTYPE:TEXT ATTRIBUTE IS SHOWN IN A SINGLE LINE WHEN READ-ONLY
PH46625
R#47671
RUNNING MS EXCEL REPORT IN RATIONAL CHANGE ADDS NEW CELLS BEFORE AND AFTER INDENTED TEXT
PH48234
R#47651
NEW HOMEPAGES CANNOT BE CREATED IN RATIONAL CHANGE 5.3.2.X USING RECENT CHROME OR EDGE BROWSER VERSIONS
PH48342
R#47681
IN RATIONAL CHANGE 5.3.2.3 FILE ENGINE.JS, UTIL.JS AND QUICK_SEARCH.JS WERE CHANGED
Interim Fix 1 (5.3.2.4_iFix001)
Link
Date Released
Status
Download 5.3.2.4_iFix001
04 March 2022
Superseded
APAR
Internal ID
Description
PH47085
R#47650
RATIONAL CHANGE 5.3.2 VULNERABILITY TO CVE-2021-4104
5.3.2 Fix Pack 4
Link
Date Released
Status
Download 5.3.2.4
15 December 2021
Superseded
APAR
Internal ID
Description
PH41198
R#47624
NEW PROCESS SPECIFIC HELP IMPROVEMENTS
PH40360
R#47603
CREATING PROCESS PACKAGE FAILS WITH “FAILED TO MERGE WITH PACKAGE” IN RATIONAL CHANGE 5.3.2.3
PH38363
R#47618
LOGIN TO RATIONAL CHANGE 5.3.2.X WITH 3RD-PARTY LDAP FAILS WITH EMPTY ERROR MESSAGE WHEN USING WRONG USERID OR PASSWORD.
PH41029
R#47622
USER HOME PAGES DISAPPEAR FROM RATIONAL CHANGE 5.3.2 USER INTERFACE WHEN USING RDS 5.2.1 FOR USER AUTHENTICATION
PH29944
R#47621
ERRONEOUS COMMA IN CHANGE_HOME\JETTY\WEBAPPS\CHANGE\TRAPEZE\JS531\CUSTOMDOJO\BROWSECRTREE.JS
PH39395
NA
RATIONAL CHANGE 5.3.2.3 PACKAGE CREATION WRONGLY CREATES AN IMAGE FILE IN $CHANGE_HOME/JETTY
5.3.2 Fix Pack 3
Link
Date Released
Status
Download 5.3.2.3
25 June 2021
Superseded
APAR
Internal ID
Description
PH11898
R#47588
CANNOT EDIT THE EXISTING STANDARD HOME PAGES IN RATIONAL CHANGE WHEN [CCM_SYSTEM][SUPPORT_TASKS] IN PT.CFG FILE IS SET TO FALSE.
PH30871
R#47587
UNINSTALLING ECP_PROCESS PACKAGE FAILS IN RATIONAL CHANGE 5.3.2 ON WINDOWS 2016.
PH08909
R#47589
MESSAGE IN A EXCEL FORMAT REPORT IS GARBLED.
PI98963
R#47592
EDITING A TASK OR PROBLEM TEXT ATTRIBUTE IN RATIONAL CHANGE WILL ADD A CARRIAGE RETURN BEFORE THE NEWLINE.
5.3.2 Fix Pack 2
Link
Date Released
Status
Download 5.3.2.2
01 December 2020
Superseded
APAR
Internal ID
Description
PI93499
NA
User Home pages disappear from Rational Change user interface after 5.3.1.1 iFix 14 applied.
Interim Fix 1 (5.3.2.1_iFix001)
Link
Date Released
Status
Download 5.3.2.1_iFix001
07 September 2020
Superseded
APAR
Internal ID
Description
PH24338
R#47498
CROSS-SITE SCRIPTING VULNERABILITIES PRESENT IN RATIONAL CHANGE 5.3.1.1 AND 5.3.1.2.
PH24346
R#47498
VULNERABILITIES FOUND IN CHANGE DURING PENETRATION TESTING.
5.3.2 Fix Pack 1
Link
Date Released
Status
Download 5.3.2.1
14 August 2020
Superseded
APAR
Internal ID
Description
N/A
Mod Pack 2 (5.3.2)
Link
Date Released
Status
Download 5.3.2
23 June 2020
Superseded
APAR
Internal ID
Description
N/A
R#47439
With Eclipse-Change integration, Change CR’s are getting populated in Eclipse.
N/A
R#47431
HTTPS configuration is supported with Change.
Related news
Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.
Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.
A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.
Gentoo Linux Security Advisory 202209-2 - Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. Versions less than 8.1.13.3 are affected.
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-13935: tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS * CVE-2020-14384: jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JM...
A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-13935: tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS * CVE-2020-14384: jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS * CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender * CVE-2022-23302: log...
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/A...
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.