CVE-2012-2160: Fix List for Rational Change

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.


IBM Rational Software Support Communities

  • Visit the IBM Support Portal to configure your support portal experience and review FAQs, lists of known problems, fixes, and a wealth of important support information.
  • Visit developerWorks to access an online collection of tutorials, sample code, standards, forums and other resources provided by experts at IBM to assist software developers using Rational tools including access to the IBM RFE Community.
  • Visit the Jazz Community if you use a Rational product created using the Jazz platform to interact directly with the Jazz development team and other community members, download product trials and betas and track development progress.

Helpful Hints For Obtaining Technical Assistance:

Before you contact IBM Rational Software Support, gather the background information that you need to describe the problem. When you describe a problem to an IBM software support specialist, be as specific as possible and include all relevant background information so that the specialist can help you solve the problem efficiently. To save time, know the answers to these questions:

  • What software versions were you running when the problem occurred?
  • Do you have logs, traces, or messages that are related to the problem?
  • Can you reproduce the problem? If so, what steps do you take to reproduce it?
  • Is there a workaround for the problem? If so, be prepared to describe the workaround.

If you have helpful information to diagnose or identify the problem on your system, you can provide this data by following the instructions to exchange information with IBM Technical Support.

Table of Contents:

5.2.0.8 Interim Fix 7

5.2.0.8 Interim Fix 6

5.2.0.8 Interim Fix 5

5.2.0.8 Interim Fix 4

5.2.0.8 Interim Fix 3

5.2.0.8 Interim Fix 2

5.2.0.8 Interim Fix 1

5.2 Fix Pack 8

5.2 Fix Pack 7

5.2 Fix Pack 6

5.2 Fix Pack 5

5.2 Fix Pack 4

5.2 Fix Pack 3

5.2 Fix Pack 2

5.2 Fix Pack 1

5.2 Release

Interim Fix 7 (5.2.0.8_iFix007)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix007 | 29 April 2015 | Current |

| APAR | Internal ID | Description |
| N/A | R#46435 | Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report |

Interim Fix 6 (5.2.0.8_iFix006)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix006 | 06 November 2014 | Optional |

Interim Fix 5 (5.2.0.8_iFix005)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix005 | 19 August 2014 | Superseded |

Interim Fix 4 (5.2.0.8_iFix004)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix004 | 19 June 2014 | Superseded |

| APAR | Internal ID | Description |
| PI14229 | R#45830 | Mirrored_attribute of type time does not use the format of CCM_DATE attribute |
| PI17254 | R#45934 | Saving process .xml hangs due to validation.js file |
| N/A | R#45780 | Missing Token Error in Change 5.3.0.6 |
| N/A | R#45870 | Update applet jar to support Java 7 U51 |
| N/A | R#45966 | Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) |

Interim Fix 3 (5.2.0.8_iFix003)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix003 | 19 December 2013 | Superseded |

| APAR | Internal ID | Description |
| PI06946 | R#45483 | Rational Change shows warning “This application will be blocked in a future Java security update …” |
| PM98968 | R#45337 | Ok to “Discard Edit” does not remove the unsaved modification when a task is also created |

Interim Fix 2 (5.2.0.8_iFix002)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix002 | 15 August 2013 | Superseded |

| APAR | Internal ID | Description |
| PM90786 | R#44627 | The crAssignEmail.pl hangs if there is no reference to resolver in LDAP |
| PM90961 | R#44637 | Rational Change login for users puts “ERROR: Unexpected error while updating user’s groups” in event.log |
| PM92365 | R#44744 | Querying in on attribute that has dependencies incorrectly displays listbox dependency chain icon in query view |
| PM92736 | R#44780 | Users may be required to login twice after installing 5.2.0.8 iFix01 |
| PM93602 | R#44860 | Report on dependent listbox requires login with 5.2.0.8 iFix01 |
| PM94569 | R#44939 | Incorrect token being created for login dialog URL when presented in a popup window |

Interim Fix 1 (5.2.0.8_iFix001)

| Link | Date Released | Status |
| Download 5.2.0.8_iFix001 | 13 June 2013 | Superseded |

| APAR | Internal ID | Description |
| PM75068 | R#43740 | Remove tokens from URLs used in internal action links. (This fix requires regeneration and reinstallation of your process package and you should reapply your customization if any to attribute control files. For more refer to Installation Instructions.) |
| N/A | R#44089 | Dependent listbox set as CCM_HIDDEN prevents other dependent listbox from same parent to get dependent listbox values |
| N/A | R#44167 | Change 5.2 becomes unresponsive and requires restart |
| N/A | R#44177 | Can’t remove symbol character within CCM_NUMBER webtype value |
| N/A | R#44190 | License process port on Change server is not updated when the port is in use |
| N/A | R#44217 | Session Sharing implementation in Rational Change. To enable this feature refer to Implementing login session sharing in Rational Change |
| PM83991 | R#44257 | ‘failed to read input’ when selecting Browser Version in query builder |
| PM85591 | R#44365 | IBM Rational Change error message “failed to checkout license, license server may not be running” |
| PM85591 | R#44469 | Change Trigger API object is not available for external listbox |
| PM88568 | R#44524 | modifyObjectattribute API doesnot log the info to transition log |
| PM88620 | R#44526 | (UTF-8) Japanese name query/format is unable to be set as home page. |
| PM89232 | R#44556 | Change-Base licenses are not released even after the user exits the application |
| N/A | R#44576 | CR show form disrupted after recreating process package |
| N/A | R#44584 | Maintain unique attachment names |
| N/A | R#44587 | Check-in “RDS_Tivoli_521_ifix01” client libraries. |
| PM90427 | R#44614 | Matrix report is missing the part of the attribute name surrounding by the brackets |

Fix Pack 8 (5.2.0.8)

| Link | Date Released | Status |
| Download 5.2.0.8 | 20 December 2012 | Superseded |

| APAR | Internal ID | Description |
| PM63405 | R#42855 | User can’t change Lifecycle attributes for a query using IE9 |
| PM64556 | R#42963 | Square bracket characters should not be allowed in the listboxes content |
| PM67457 | R#43196 | Change report including RQM attributes shows unformatted data |
| N/A | R#43205 | Excel report adds new rows before and after indented text |
| PM67924 | R#43222 | Incorrect extended character encoding in Home Pages after applying FixPack 5.2.0.7 |
| N/A | R#43313 | JSP violation for certain tomcat versions in change. |
| PM70503 | R#43409 | CJKT names are classified in “other” in the Favorite Users dialog. Add option to filter the users. |
| N/A | R#43412 | Update web service API to return OSLC urls to tasks associated with the CR |
| N/A | R#43413 | Update the RDS Libraries to address user not a member of meta group Exception |
| N/A | R#43422 | Update web service API in Change to return OSLC urls for Change Requests |
| N/A | R#43444 | Login fails if user name has space in it |
| PM71884 | R#43532 | Invalid “User_ID” or “Password” error seen when users are trying to login to Rational Change 5.2.0.7, RDS in corporate mode |
| PM73423 | R#43646 | Creating CR attachment via CSAPI writes internal attachment name to transition_log instead of display name |
| PM73937 | R#43677 | Valid OSLC XML data containing an ampersand is not handled properly in Change |
| N/A | R#43708 | Process merge stripping off the PRE_TRIGGER and PRE_RELATION_TRIGGER_TYPE tags. |
| PM74902 | R#43732 | Matrix report HTML cannot display attribute which contains a pair of brackets. |
| PM75526 | R#43771 | RDS local users with RDS Apache 5.1.1.2 / synergy 7.1.0.6 iFix1 / change 5.2.0.7 still have authentication issues |
| PM75796 | R#43780 | “Fatal Servlet Error” when saving table in problem description field using Mozilla Firefox |
| PM76477 | R#43829 | Can’t remove symbol character within CCM_NUMBER web type value |
| PM77798 | R#43925 | from_db attribute in a CR show is not having any value set |
| N/A | R#43935 | ‘ConcurrentModificationException’ while accessing attribute control cache |

Fix Pack 7 (5.2.0.7)

| Link | Date Released | Status |
| Download 5.2.0.7 | 14 June 2012 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#33806 | Unable to view email id of the user in the subscription list |
| N/A | R#41343 | This correction, while not part of the Fix Pack proper, were made to the Information Center: Documentation needs to be updated to use correct JRE update by the client browsers in case of IE8 |
| PM52628 | R#41936 | Section breaks are not placing attributes correctly |
| N/A | R#42033 | PTDataListBox inconsistency when no there are no favorite users |
| N/A | R#42034 | ‘Help’ option missing on 'Manage Folder Security" dialog. |
| N/A | R#42109 | Perl script: Task query directed at remote server but attempts to run on central server |
| PM55629 | R#42157 | BSF trigger on a boolean attribute returns ‘null’ instead of “false” or "true". |
| N/A | R#42254 | DOORS Change Integration perfomance downgrade caused by large RDS group |
| N/A | R#42314 | Line feeds not preserved if webtype differs at CRPocess and lifecycle levels |
| N/A | R#42453 | Cookie is not getting set properly when accessing Change with url having hostname instead of ipaddress |
| N/A | R#42468 | Synchronization server reports ‘userDisplayName is null’ while fetching the transition logs from change. |
| PM60110 | R#42537 | Jetty uses up almost 100% CPU when trying to read XML data from RDS |
| PM60489 | R#42604 | Shared preference cache should create the *.js/*.gz files. |
| PM60564 | R#42612 | Duplicate database IDs have been observed in OSLC interface |
| N/A | R#42768 | Jetty Hashtable denial of service |
| PM62508 | R#42786 | Database and role login preferences missing in Change 5.2.0.6 |
| PM63048 | R#42837 | The ‘New’ and ‘Add’ links for the Associated Tasks control require the crstatus attribute on the dialog |
| N/A | R#42914 | Update RDS Client libraries to support MetaGroup functionality |
| N/A | R#42961 | Mirrored attribute values causes UI inconsistency |
| PM64752 | R#42996 | Message “Successfully changed user privileges” is shown when the changes were not successfully saved |
| N/A | R#43004 | Problems setting attribute value using Python scripting |
| N/A | R#43007 | Enforcing ACLs while sending CR information via subscription notification causes unnecessary user sessions |
| PM65204 | R#43033 | DOORS module will be opened in read-only mode if another Synergy database is disabled. |
| N/A | R#43060 | After upgrading my Synergy installation from 7105 to 7106, Change central-remote servers in https mode had communication errors. |
| N/A | R#43075 | Defects in licensing code. |

Fix Pack 6 (5.2.0.6)

| Link | Date Released | Status |
| Download 5.2.0.6 | 15 December 2011 | Superseded |

Fix Pack 5 (5.2.0.5)

| Link | Date Released | Status |
| Download 5.2.0.5 | 12 August 2011 | Superseded |

Fix Pack 4 (5.2.0.4)

| Link | Date Released | Status |
| Download 5.2.0.4 | 17 September 2010 | Superseded |

Fix Pack 3 (5.2.0.3)

| Link | Date Released | Status |
| Download 5.2.0.3 | 30 June 2010 | Superseded |

Fix Pack 2 (5.2.0.2)

| Link | Date Released | Status |
| Download 5.2.0.2 | 18 December 2009 | Superseded |

Fix Pack 1 (5.2.0.1)

| Link | Date Released | Status |
| Download 5.2.0.1 | 25 September 2009 | Superseded |

Initial Release (5.2)

| Link | Date Released | Status |
| Download 5.2 | 25 September 2009 | Superseded |

Table of Contents:

5.3.0.6 Interim Fix 6

5.3.0.6 Interim Fix 5

5.3.0.6 Interim Fix 4

5.3.0.6 Interim Fix 3

5.3.0.6 Interim Fix 2

5.3.0.6 Interim Fix 1

5.3 Mod Pack 1

5.3 Fix Pack 6

5.3 Fix Pack 5

5.3 Fix Pack 4

5.3.0.3 Interim Fix 1

5.3 Fix Pack 3

5.3.0.2 Interim Fix 2

5.3.0.2 Interim Fix 1

5.3 Fix Pack 2

5.3 Fix Pack 1

5.3 Release

Interim Fix 6 (5.3.0.6_iFix006)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix006 | 15 Oct 2016 | Current |

| APAR | Internal ID | Description |
| N/A | R#47117 | Certificate used to sign applet jar is revoked. |

Interim Fix 5 (5.3.0.6_iFix005)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix005 | 23 March 2016 | Current |

| APAR | Internal ID | Description |
| PI50735 | R#46904 | SHARED REPORT IMMEDIATELY EXECUTION, “A SERVER ERROR HAS OCCURRED” |
| PI52614 | R#46918 | THE STATE OF A CHANGE DATABASE CHANGES AFTER A RESTART OF RATIONAL CHANGE |

Interim Fix 4 (5.3.0.6_iFix004)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix004 | 04 June 2014 | Superseded |

| APAR | Internal ID | Description |
| PI22573 | R#46124 | Report Format Display when ‘run immediately’ does not use defined formatting |
| PI31810 | R#46427 | Subscriber full name replaced by user login in Edit CR Subscription List dialog |
| | R#46434 | Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report |
| PI33545 | R#46476 | Pagination in relational report option fails when using “immediately run report” option |
| | R#46595 | Query Limit on Adhoc-Relational reports |
| PI38428 | R#46614 | Submitters name not showing up using annotated text via email URL to access CR |
| | R#46626 | Bulk transitions fails when one or more related CRs are not in required state |
| PI39715 | R#46653 | Change Task Query Throws Report Format error when using specific query |
| | R#46703 | CCM_DATE attribute is missing the SUB_ATTR_ prefix resp. suffix |

Interim Fix 3 (5.3.0.6_iFix003)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix003 | 16 December 2014 | Superseded |

| APAR | Internal ID | Description |
| PI13013 | R#45745 | Calendar widget not displaying correctly in Change 5.3.0.6 |
| PI22662 | R#46125 | submission of a CR results in error ‘unknown attribute type’ |
| PI22669 | R#46126 | Unable to redefine Query limits for reports with Block Reports |
| N/A | R#46149 | Change login works with wrong case username |

Interim Fix 2 (5.3.0.6_iFix002)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix002 | 30 July 2014 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#45938 | Saving process .xml hangs due to validation.js file |
| N/A | R#45965 | Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114). |

Interim Fix 1 (5.3.0.6_iFix001)

| Link | Date Released | Status |
| Download 5.3.0.6_iFix001 | 20 March 2014 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#40165 | Embedded URL within email may not be accessible to recipient. |
| PI06336 | R#45452 | Missing Token Error in Change 5.3.0.6 |
| N/A | R#45488 | Rational Change shows warning “This application will be blocked in a future Java security update …” |
| N/A | R#45490 | Ok to “Discard Edit” does not remove the unsaved modification when a task is also created |
| N/A | R#45634 | Certificate used to digitally sign applet expires on March 2014 |

Fix Pack 5 (5.3.0.6)

| Link | Date Released | Status |
| Download 5.3.0.6 | 19 September 2013 | Superseded |

| APAR | Internal ID | Description |
| PM76648 | R#43846 | Benign webpage error when displaying CR after applying 5.3.0.4 |
| PM79590 | R#44047 | Defect: CRCHG0920E Login failed: com.telelogic.tds.engine.ldap.jndi.tdsrole. after 5.3.0.4 patch |
| PM89007 | R#44545 | Queries with ‘<’ or ‘>’ in their names fail |
| PM90818 | R#44628 | ccm_date attribute has a problem to show a calendar |
| PM91542 | R#44667 | Unable to change attribute’s web type from CCM_TEXT to CCM_HIDDEN in Copy Dialog |
| PM93180 | R#44819 | Associated tasks limit does not warn any longer when limit is exceeded. |
| PM93299 | R#44825 | Deletion of reports fails with ReportBuilder role |
| N/A | R#42131 | No results returned when quering tracksChangeSet through OSLC on a stand alone Change server |
| N/A | R#42829 | RTC login from Change is not so smooth the first time |
| N/A | R#43451 | Change does not properly decode reserved HTML characters entity number |
| N/A | R#43557 | Enabling project security and adding a few roles and then restarting the server shows the same role saved twice |
| N/A | R#44317 | Rdf generated for Change OSCL has invalid value for rdf:Id |
| N/A | R#44367 | ‘failed to read input’ when selecting Browser Version in query builder |
| N/A | R#44405 | Session Sharing implementation in Rational Change |
| N/A | R#44409 | Remove tokens from URLs used in internal action links |
| N/A | R#44459 | Change Remove Server 5305 does not start on RHEL6 |
| N/A | R#44461 | Change Trigger API object is not available for external listbox. |
| N/A | R#44530 | (UTF-8) Japanese name query/format is unable to be set as home page. |
| N/A | R#44585 | Maintain unique attachnames |
| N/A | R#44586 | Change-Base licenses are not released even after the user exits the application |
| N/A | R#44641 | Current versions of Javadoc generate HTML with embedded javascript that contains a frame-injection security vulnerability |
| N/A | R#44647 | IBM Rational Change error message “failed to checkout license, license server may not be running” |
| N/A | R#44722 | Rational Change 5.3.0.5 as a consumer of OSLC service from RTC 4.0.3 does not work |
| N/A | R#44790 | Querying in on attribute that has dependencies incorrectly displays listbox dependency chain icon in query view |
| N/A | R#44929 | The crAssignEmail.pl hangs if there is no reference to resolver in LDAP |
| N/A | R#44931 | Report on dependent listbox requires login with 5.2.0.8 iFix01 |
| N/A | R#44944 | Error ‘XML Content cannot be parsed’ when a query is run |
| N/A | R#44971 | Matrix report is missing the part of the attribute name surrounding by the brackets |
| N/A | R#45065 | Security issues in Change 5.3.0.6 admin console |
| N/A | R#45066 | Security issues in Change 5.3.0.6 user console |
| N/A | R#45077 | Listbox icon is not shown for dependent listbox of CUSTOM webtype |
| N/A | R#45086 | modifyObjectattribute API doesnot log the info to transition log |
| N/A | R#45107 | Pop ups in editing a home page report is not working |
| N/A | R#45109 | Users may be required to login twice after installing 5.2.0.8 iFix01 |

Fix Pack 5 (5.3.0.5)

| Link | Date Released | Status |
| Download 5.3.0.5 | 14 March 2013 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#43467 | Fetching transition-log from Change using web-services api fails if the transition log attribute value starts with a new line. |
| N/A | R#43558 | Roles repeated even after deleting one of the duplicates and saving it |
| PM74162 | R#43685 | Event.log is filling up with ReportRunner messages |
| N/A | R#43786 | Fatal Servlet Error when saving table in problem description field using Mozilla Firefox |
| N/A | R#43801 | Matrix report HTML cannot display attribute which contains a pair of brackets. |
| N/A | R#43832 | can’t remove symbol character within CCM_NUMBER webtype value |
| N/A | R#43906 | Square bracket characters should not be allowed in the listboxes content |
| N/A | R#43933 | from_db attribute in a CR show is not having any value set |
| PM78127 | R#43942 | Change 5.2 becomes unresponsive and requires restart |
| PM80198 | R#44077 | dependent listbox set as CCM_HIDDEN prevents other dependent listbox from same parent to get dependent listbox values |
| N/A | R#44155 | CJKT names are classified in “other” in the Favorite Users dialog. Add option to filter the users |

Fix Pack 4 (5.3.0.4)

| Link | Date Released | Status |
| Download 5.3.0.4 | 20 September 2012 | Superseded |

| APAR | Internal ID | Description |
| PM33010 | R#39666 | Change behavior of product regarding technote 1420147: Associated tasks are not visible in Change Request form |
| N/A | R#41039 | More than one user count for the same user is shown on a database on the admin home page |
| N/A | R#41044 | User count on database drops to 0 |
| PM48131 | R#41379 | Change should support ordered list of license servers in license_data.txt |
| PM48167 | R#41386 | Excel Report adds new rows before and after indented text |
| N/A | R#41725 | Change help - file not found error |
| N/A | R#41807 | RC 5.3.0.2 ifix001: "HTTP status 404 -" displayed inpalace of IBM logo on helpserver |
| PM55315 | R#42129 | Provide valid error message when userid is locked |
| N/A | R#42547 | Document about creating attribute named relatedChangeRequest for backlinks to work between RTC & Change. |
| N/A | R#42638 | Documentation update needed for server rename in OSLC integrations. |
| PM62337 | R#42777 | Attachments in a Read Only CR are not displayed. |
| N/A | R#42783 | Shared preference cache should create the *.js/*.gz files. |
| N/A | R#42821 | PSIRT Advisory - Vulnerabilities in IBM Eclipse Help System |
| PM62968 | R#42822 | Problems setting attribute value using Python scripting |
| N/A | R#42868 | Getting “Problem accessing /supraja/adminFormLoader.do.” on clicking Trends in the Home of the Admin Interface. |
| N/A | R#42915 | Update RDS Client libraries to support Metagroup functionality |
| PM64395 | R#42948 | Up and down arrows to sort listbox values are missing in fix pack 5.3.0.3 |
| N/A | R#42991 | ‘Help’ option missing on 'Manage Folder Security" dialog. |
| N/A | R#43017 | Duplicate database IDs have been observed in OSLC interface |
| N/A | R#43023 | Message “Successfully changed user privileges” is shown when the changes were not successfully saved |
| N/A | R#43061 | DOORS module will be opened in read-only mode if another Synergy database is disabled. |
| PM65747 | R#43078 | Regression in attachment attribute “Allow Viewing of Associated Objects Only” |
| PM66049 | R#43092 | Process merge stripping off the PRE_TRIGGER and PRE_RELATION_TRIGGER_TYPE |
| N/A | R#43148 | Synchronization server reports ‘userDisplayName is null’ while fetching the transition logs from change. |
| N/A | R#43150 | The ‘New’ and ‘Add’ links for the Associated Tasks control require the crstatus attribute on the dialog |
| N/A | R#43152 | Have Ajax capability to in-line reports. |
| N/A | R#43154 | BSF trigger on a boolean attribute returns ‘null’ instead of “false” or “true” |
| N/A | R#43155 | Enforcing ACLs while sending CR information via subscription notification causes unnecessary user sessions |
| N/A | R#43156 | Defects in licensing code. |
| N/A | R#43208 | Document upgrading Change on Jetty 8.1.3. |
| PM68494 | R#43248 | Removing a role for a user is not reflected in the Report tab |
| N/A | R#43230 | Update the release value to 5.3.0.4 |
| N/A | R#43331 | Add a web service API in Change to return OSLC urls for Change Requests |
| N/A | R#43332 | Add a web service API to return OSLC urls to tasks associated with the CR |
| PM69643 | R#43339 | Reporiting issues for Global Assignment for group “Everyone” in Rational Change |
| N/A | R#43427 | Login fails if User name space has space in it |
| PM70687 | R#43428 | Debug message displayed in event log |
| N/A | R#43300 | JSP violation for certain tomcat versions in change. |
| PM69384 | R#43310 | Coding issue in home_page_nav.jsp |
| N/A | R#43465 | Allow removing of a link added to a OSLC_LINK type attribute |
| N/A | R#43476 | Update Change 5.3.0.4 Japanese and Chinese language packs. |
| N/A | R#43493 | Remove link for OSLC_LINK attributes is not working properly for RQM links |
| N/A | R#43502 | User Locked out message dialog is empty |
| N/A | R#43580 | Associated tasks for the Change Request are not displayed if multiple remote servers are associated to a central server |

Interim Fix 1 (5.3.0.3_iFix001)

| Link | Date Released | Status |
| Download 5.3.0.3_iFix001 | 17 May 2012 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#42080 | Need to support server rename for June 2012 (CLM 2012 date) |
| N/A | R#42546 | Cannot link RTC artifacts using “relatedChangeRequests” attribute of OSLC_LINK web type |
| PM62061 | R#42756 | Cross-Site Scripting security vulnerability |

Fix Pack 3 (5.3.0.3)

| Link | Date Released | Status |
| Download 5.3.0.3 | 15 March 2012 | Superseded |

| APAR | Internal ID | Description |
| N/A | R#36888 | OSLC prefilled submit dialogs truncate html chars |
| PM47125 | R#41250 | Error re-indexing indices in Rational Change |
| N/A | R#41284 | Cookies to support SSL in Rational Change 5.2 |
| PM47491 | R#41304 | Line feeds not preserved if webtype differs at CRPocess and lifecycle levels |
| N/A | R#41322 | Not able to see attachments when project security is on. |
| N/A | R#41377 | Unable to start Change session where RDS user name differs in case to database user name |
| N/A | R#41519 | Error while executing perl API CreateCSObject |
| N/A | R#41546 | CCM_RELATION Child cannot be created |
| PM50700 | R#41709 | Installation of 5.3.0.2 fails when the URL context is removed To apply this fix, take backups of properties directory from the rc5.3.0.3 patch object and CHANGE_APP_HOME. Delete it from the rc5.3.0.3 patch object before installing it. After installing the patch, manually copy the properties directory from the patch backed area to CHANGE_APP_HOME. While uninstalling rc5.3.0.3 patch, manually delete ‘Rational_Change.5.3.FP0.3.fxtag’ file from CHANGE_APP_HOME/properties/version directory and Add the previously backed up file from CHANGE_APP_HOME to CHANGE_APP_HOME/properties/version directory. |
| N/A | R#41922 | Error “Session Pool Balancer” with Change |
| N/A | R#41925 | Change-RTC sync fails if one of the mapped attributes is of type "time". |
| N/A | R#41931 | Fatal Rational Change Servlet Error |
| N/A | R#41968 | The comments field are not being updated from QC to CS after performing the ‘Sync’ operation. |
| PM53310 | R#41997 | Fatal error submitting CR where webtype differs between CRProcess and Submit dialog |
| PM53410 | R#42006 | Perl script: Task query directed at remote server but attempts to run on central server |
| PM53767 | R#42024 | PTDataListBox inconsistency when no there are no favorite users |
| PM54685 | R#42098 | transition_log misalignment in section |
| N/A | R#42100 | Task is always created if default value for _CREATE_TASK is set in transition dialog |
| N/A | R#42102 | OSLC DB GUID changes when installing process package. |
| PM55556 | R#42148 | mirrored attribute values UI inconsistency |
| PM55562 | R#42149 | Rational Change 5.2 :-Unable to view email id of the user in the subscription list |
| N/A | R#42163 | No results returned on developer privilege under ‘Report on users by privilege’ |
| PM56292 | R#42204 | DOORS Change Integration Performance Downgrade Caused By Large RDS Group |
| PM56728 | R#42233 | Fix pack 5.3.0.2 breaks the ability to ‘Simple Process View’ diagram |
| N/A | R#42298 | Document new feature - OSLC |
| PM58286 | R#42358 | Queuing parallel backend requests messages appearing in event.log |
| N/A | R#42384 | Translate Change 5.3.0.3 |
| N/A | R#42402 | Add OSLC consumer behaviour to Change 5.3 |
| N/A | R#42454 | Cookie is not getting set properly when accessing Change with url having hostname instead of ipaddress |
| PM59661 | R#42296 | Find users by privilege does not work as expected |

Interim Fix 2 (5.3.0.2_iFix002)

| Link | Date Released | Status |
| Download 5.3.0.2_iFix002 | 30 January 2012 | Superseded |

| APAR | Internal ID | Description |
| PM53296 | R#41995 | Jetty crashes with URE under various circumstances |

Interim Fix 1 (5.3.0.2_iFix001)

| Link | Date Released | Status |
| Download 5.3.0.2_iFix001 | 15 November 2011 | Superseded |

| APAR | Internal ID | Description |
| PM27334 | R#38715 | Document defects about Japanese Change Perl API |
| PM32155 | R#39508 | "br / " appears when Japanese_Localization is installed |
| N/A | R#41388 | Translate Change 5.3.0.2 in Japanese and Chinese. |

Fix Pack 2 (5.3.0.2)

| Link | Date Released | Status |
| Download 5.3.0.2 | 15 September 2011 | Superseded |

| APAR | Internal ID | Description |
| PM25917 | R#38496 | CR link does not change color when clicked |
| N/A | R#39347 | Able to bulk transition (dialog less) CRs on which required attribute is not set. |
| PM31774 | R#39452 | CCM_READONLY field is corrupted when the field’s Web Type in the previous state is CCM_EXTENDED_TEXT |
| PM32377 | R#39545 | Downloads with web service slower than with browser. (This fix needs manual steps. Please refer to Installation instructions document.) The new web service API added is ‘getAttachmentLink’ which returns a link to the attachment for downloading. The attachment must exist and be readable by the calling user, otherwise returns an error. This API accepts token and attachment ID(can be obtained from ‘listAttachments’ API. |
| N/A | R#40036 | OSLC log in doesn’t work right with database ‘admin’ user |
| PM36916 | R#40318 | When an attribute named ‘action’ exists, it is not possible to edit and save a CR in Internet Explorer 8 |
| PM37980 | R#40442 | White gaps are visible in the colored areas on transition forms using the ECP process (This fix is in ECP_process_1.xml. Generate the process package from ECP_process_1.xml and install for this change to take effect.) |
| N/A | R#40486 | [RDS 5675]Project data is not getting saved when Change is connected to RDS 5.2.0.1 Tivoli |
| PM39704 | R#40566 | Copy / paste CCM_EXTENDED_TEXT attribute value from one CR to another creates new cells in the attribute and in Excel reports. |
| PM41034 | R#40684 | ECP_Process package: The attribute “modifiable_in” shouldn’t be read-only in transition “analysed2in_analysis” (This fix is in ECP_process_1.xml. Generate the process package from ECP_process_1.xml and install for this change to take effect.) |
| N/A | R#40762 | “Rational_Change.5.3.FP0.1.fxtag” file is not getting copied to the appropriate directory (This fix needs manual steps. Please refer to Installation instructions document.) |
| PM42279 | R#40787 | Mirrored Attributes show attribute values multiple times |
| PM42603 | R#40815 | Formatting problems with columns and sub-reports |
| N/A | R#40841 | Change 5.3.0.2 should point to new JDK (JRE): IBM JDK 1.6.0 SR9 FP1 |
| PM42998 | R#40856 | When a parent listbox value has a trailing space, sublistbox values are not displayed |
| N/A | R#40864 | OSLC error looking up comments |
| N/A | R#40875 | Unhandled exception / Segmentation error at Change startup |
| N/A | R#40876 | 5.3.0.1: Impossible to submit CRs with Extended Text through web services. |
| N/A | R#40892 | Not all exceptions are converted to compatible exceptions at central server when thrown from remote server |
| N/A | R#40896 | Change-SA OSLC integration: Recent list not getting updated |
| PM43562 | R#40901 | DRS/Change: Unable to view Associated RC Link |
| N/A | R#40942 | Active Users in Status Summary shows too many active users. |
| N/A | R#40949 | Not able to insert image to “ccm_extended_text” attribute |
| N/A | R#40976 | Receiving “Failed to modify object” message when attempting transition. (This fix requires regeneration and reinstallation of your process package) |
| N/A | R#40988 | Error “400 URL must be absolute” when running fixTdsForMigration.pl |
| N/A | R#41004 | Change 5.3.0.2 does not copy ChangeService.wsdl file to the appropriate location (This fix needs manual steps. Please refer to Installation instructions document.) |
| N/A | R#41041 | Update to Perl’s apiHelp.html |
| N/A | R#41056 | Update the Perl API Help doc to have latest Synergy terms. |
| N/A | R#41072 | Outdated search index can cause HTTP 500 error when sorting search results. |
| PM45774 | R#41107 | Change 5.3.0.1: listbox BSF scripts are now only executed at application startup or at configuration reload (This fix needs update to pt.cfg. Add the below line to the end of pt.cfg file: [CCM_SYSTEM][CACHE_EXTERNAL_LISTBOX_VALUES]“actual_value”[/CACHE_EXTERNAL_LISTBOX_VALUES][/CCM_SYSTEM] and replace “actual_value” with either “true” or “false” as needed.) |
| N/A | R#41139 | Update RDS client libraries to RDS 5.1.1 Apache iFix04. |
| N/A | R#41159 | Change 5.3.0.2 build 884: Process help is not rendered completely. |
| PM46317 | R#41167 | Slow JDBC-based indexing in RC 5.3 |
| N/A | R#41243 | Checkin new RDS client libraries |
| N/A | R#41248 | Too many “getControlType: Invalid Control Type: -1” messages seen in event.log |
| N/A | R#41273 | Log messages indicating the status of optimization is missing in 5.3 |
| N/A | R#41324 | Change 5.3.0.2 (Build 889) - Creating package using ‘doors_oslc_process10.xml’ process displays ‘Fatal Rational Change Servlet Error’ |

The following corrections, while not part of the Fix Pack proper, were made to the Information Center:

| PM22845 | R#37899 | Listbox Manager tab documentation error |

Fix Pack 1 (5.3.0.1)

Link

Date Released

Status

Download 5.3.0.1

16 June 2011

Superseded

APAR

Internal ID

Description

PM05100

R#35043

Filenames that contain characters with an umlaut do not download correctly

PM28738

R#38948

Alias column is missing from optional and required attribute tables in the CR process help

PM29474, PM27970

R#39050

Error in IE when creating a child CR with description set as a preference attribute

PM29704

R#39079

The script set_attribute.js set on a relation attribute doesn’t recognize the current CR

PM33482

R#39716

Incorrect format if System and Shared reports have duplicate names

N/A

R#39848

CR migrate to central database fails

PM34367, PM34142

R#39882

“webType” property does not give real web type in JSP reports

N/A

R#40037

Printer-Friendly View not showing attachments

N/A

R#40528

Queries and reports with ‘<’ or ‘>’ in their names fail

N/A

R#40673

Change and System Architect OSLC integration: Unable to link diagrams/definitions when user creates new artifacts in Change

N/A

R#40677

Adding RTC friend server through Change fails while parsing root services document

The following corrections, while not part of the Fix Pack proper, were made to the Knowledge Center:

N/A

R#32492

Auto-installation of cs_reports when installing a process package is not documented

N/A

R#36510

Document how to change the password or unlock the account of the local admin user

N/A

R#40446

Help information for configuration of change to work in https is incorrect

Initial Release (5.3)

Link

Date Released

Status

Download 5.3

05 May 2011

Superseded

APAR

Internal ID

Description

PK84226

R#32602

Document that you cannot remove a central database once it has been assigned to a server.

PK85812

R#32953

Installation without a database path continues without error.

PK98875

R#33036

Running the CMMI Matrix Report format with certain process packages may result in an error.

PM01046

R#33308

HTTP error appears upon clicking the BasicTemplate link on the Perl API page.

PK92519

R#33638

Not all end-states are taken into account for parent/child check.

PK92530

R#33639

Notification trigger in ECP process should use the concluded_id attribute, not concluder.

PM01779

R#34693

Capitalized attribute names are not searchable from Advanced Search menu.

PM05468

R#35080

Security rules for the ‘caused_during’ attribute are inconsistent in Change ECP process.

PM06913

R#35279

Specifying an ‘&’ (ampersand) in a password for the local admin user during installation does not work.

PM06916

R#35281

Synergy backend sessions do not start when the password contains an ampersand directly after installing Change.

PM07277

R#35335

Some attributes are displayed twice in the bulk modify window.

PM13100

R#36222

Bulk transitions should respect required attributes of the FROM state show dialog.

PM13101

R#36223

Don’t show a transition dialog for dialogless transitions during a bulk transition.

PM15426

R#36572

Unable to transition RCR to rejected state.

PM19464

R#37308

Status field containing Japanese characters is wrapped on an inline report.

PM26782

R#38589

Reference to lifecycle attribute in Admin Guide is obsolete.

PM27400

R#38727

Inability to align attributes to the left in sections.

PM27411

R#38728

Naming a state “Admin” crashes the Administration tab.

Table of Contents:

5.3.1 Fix Pack 2

5.3.1.1 Interim Fix 14

5.3.1.1 Interim Fix 13

5.3.1.1 Interim Fix 12

5.3.1.1 Interim Fix 11

5.3.1.1 Interim Fix 10

5.3.1.1 Interim Fix 9

5.3.1.1 Interim Fix 8

5.3.1.1 Interim Fix 7

5.3.1.1 Interim Fix 6

5.3.1.1 Interim Fix 5

5.3.1.1 Interim Fix 4

5.3.1.1 Interim Fix 3

5.3.1.1 Interim Fix 2

5.3.1.1 Interim Fix 1

5.3.1 Fix Pack 1

5.3.1 Fix Pack 2

Link

Date Released

Status

Download 5.3.1.2

29 March 2018

Current

APAR

Internal ID

Description

PI88115

R#47235

RATIONAL CHANGE LIFECYCLE EDITOR BECOMES UNUSABLE AFTER ATTEMPTING TO SET A TRANSITION TO BE THE PRIMARY TRANSITION

PI93499

R#47286

USER HOME PAGES DISAPPEAR FROM RATIONAL CHANGE USER INTERFACE AFTER 5.3.1.1 IFIX 14 APPLIED

Interim Fix 14 (5.3.1.1_iFix014)

Link

Date Released

Status

Download 5.3.1.1_iFix014

21 December 2017

Superseded

APAR

Internal ID

Description

PI89730

R#47250

IN RATIONAL CHANGE ADMIN INTERFACE IN CURRENT SYSTEM LOAD SECTION THE INDIVIDUAL SESSIONS ARE NOT DISPLAYED

Interim Fix 13 (5.3.1.1_iFix013)

Link

Date Released

Status

Download 5.3.1.1_iFix013

18 September 2017

Superseded

APAR

Internal ID

Description

PI84718

R#47206

NON ADMIN USER SHOWN AS ADMIN UNDER STATUS SUMMARY TAB OF RATIONAL CHANGE

PI83972

R#47207

RUNNING AN MS EXCEL REPORT IN RATIONAL CHANGE ADDS NEW CELLS BEFORE AND AFTER INDENTED TEXT OR TEXT WITH OTHER FORMATTING STYLE.

Interim Fix 12 (5.3.1.1_iFix012)

Link

Date Released

Status

Download 5.3.1.1_iFix012

18 May 2017

Superseded

APAR

Internal ID

Description

PI79180

R#47184

UNABLE TO ENTER INTEGER VALUE FOR AN ATTRIBUTE WITH WEBTYPE “CCM_NUMBER” AND DBTYPE “INTEGER” IN “DOORS_OSLC_PROCESS_10” PACKAGE

PI79946

R#47189

IMPORTING TEXT INTO A RATIONAL CHANGE CCM_EXTENDED_TEXT ATTRIBUTE USING THE CHANGE PERL API STRIPS THE TEXT OF ITS FORMATTING

Interim Fix 11 (5.3.1.1_iFix011)

Link

Date Released

Status

Download 5.3.1.1_iFix011

16 Mar 2017

Superseded

APAR

Internal ID

Description

N/A

R#46974

Add support to Java web start.

PI75315

R#47157

OSLC PUT REQUEST FAILS TO UPDATE ATTRIBUTES OF TYPE CCM_TEXT

PI77577

R#47166

MESSAGE “GETEOLCHAR: BROWSER OS NOT LISTED:AGENTNAME/0.1LIBWWW-PERL/5.803” REPORTED IN THE EVENT.LOG

N/A

R#47170

Attaching a CR is allowed through web service API even if the CR is in a closed state.

Interim Fix 10 (5.3.1.1_iFix010)

Link

Date Released

Status

Download 5.3.1.1_iFix010

20 Dec 2016

Superseded

APAR

Internal ID

Description

PI70208

R#47115

ADDING A LINK TO A CHANGE CR IN DOORS NEXT GENERATION FAILS WITH CRRRW7255E.

PI70921

R#47126

SEARCH ON USER ACTION PANEL DOES NOT ALWAYS RETURN EXPECTED RESULTS

Interim Fix 9 (5.3.1.1_iFix009)

Link

Date Released

Status

Download 5.3.1.1_iFix009

15 Oct 2016

Superseded

APAR

Internal ID

Description

N/A

R#47116

Certificate used to sign applet jar is revoked.

Interim Fix 8 (5.3.1.1_iFix008)

Link

Date Released

Status

Download 5.3.1.1_iFix008

22 Sep 2016

Superseded

APAR

Internal ID

Description

PI58971

R#47007

DELETING A RATIONAL DOORS TO CHANGE OSLC LINK IN DOORS DOES NOT DELETE THE IMPLEMENTSREQUIREMENT LINK IN CHANGE

PI61595

R#47044

RATIONAL CHANGE PERL API TRIGGERS NOT WORKING WITH TLSV1.2

PI63884

R#47064

CREATE/ADD A CR FROM A REQUIREMENT IN DNG FAILS WITH “CRCHG1378E UNKNOWN DIALOG”

N/A

R#47072

Workaround to the escalation 50815: Avoid storing shared preferences data in RDS and use local cache to store them.

PI67435

R#47094

USING SECURE PORT AND META-GROUPS DOES NOT WORK IN CHANGE 5.3.1

PI67880

R#47100

USER NAME IS NOT SHOWN WHEN E-SIGNATURE IS DISPLAYED.

N/A

R#47102

For locked users in RDS, message needs to be changed in Change interface.

Interim Fix 7 (5.3.1.1_iFix007)

Link

Date Released

Status

Download 5.3.1.1_iFix007

23 June 2016

Superseded

APAR

Internal ID

Description

PI62455

R#47049

MATRIX REPORT FAILS WITH A LARGE NUMBER OF CRS

PI62212

R#47047

SETTING REPORT_PROGRESS_INFO TO TRUE BREAKS MATRIX FORMATTED REPORTS

PI62676

R#47053

RTF FILE IS CORRUPT- IN RTF REPORTS AFTER APPLYING IFIXS 05 AND 06 SEE ESC 50376

PI62789

R#47054

RATIONAL CHANGE 5.3.1 REPORT FORMATS USING LISTBOX SORT TYPE NOT SORTED FOR EXTERNAL LISTBOX

PI58942

R#47006

USERS ARE NOT NOTIFIED BY AN EMAIL WHEN THEY ARE ASSIGNED AS THE EVALUATOR OF A CR.

PI60392

R#47031

SET_ATTRIBUTE.JS POST-TRANSITION TRIGGER FAILS IN ECP PROCESS

PI53557

R#46942

ADDING SERVER NAME TO COMPATIBILITY VIEW IN INTERNET EXPLORER 11 SHOULD NOT BE REQUIRED.

PI61102

R#47037

NOTIFICATION EMAILS ARE NOT SENT BY TRANSITION_NOTICE.PL WHEN CURRENT USER IS THE RESOLVER

PI61374

R#47041

MODIFICATION OF THE VALUE OF A TASK CUSTOM BOOLEAN ATTRIBUTE STILL DOES NOT WORK.

PI63201

R#47057

RATIONAL CHANGE 5.3.1.1 IFIX 06 IS NOT TERMINATING THREADS STARTED BY A TRIGGER PROCESS

PI62416

R#47048

DOCUMENTATION ABOUT THE XMX IN RATIONAL CHANGE 5.3.1 IS NOT UP TO DATE

PI62675

R#47052

ADDING A ‘NEW IMPLEMENTED BY’ LINK IN A RATIONAL DOORS OBJECT TO A RATIONAL CHANGE CR FAILS

Interim Fix 6 (5.3.1.1_iFix006)

Link

Date Released

Status

Download 5.3.1.1_iFix006

23 March 2016

Superseded

APAR

Internal ID

Description

PI53499

R#46937

“INSERT NAME AND TIMESTAMP” FEATURE IN ECP PROCESS FAILS WITH INTERNET EXPLORER 11

PI53500

R#46938

“SAVING CHANGE REQUEST PROCESS” DIALOG LOADS ENDLESSLY FOR ECP_PROCESS.XML IN IE 11

PI53500

R#46945

THE CREATEOBJECTATTRIBUTES FUNCTION IN THE CHANGE PERL API DOES NOT WORK

PI56613

R#46989

REPORTS WITH RTF FORMAT ONLY DISPLAYS THE RTF CODE IN MS WORD.

PI54410

R#46954

A LENGTHY ERROR MESSAGE RETURNED FROM A PERL TRIGGER SCRIPT CAN CAUSE RATIONAL CHANGE TRANSITION TO HANG

PI56883

R#46994

EFFORT PROGRESS BAR NOT DISPLAYING CORRECTLY FOR A CR

PI57414

R#46999

ADDING A PREVIOUSLY DELETED IMPLEMENTED BY LINK ADDS A SECOND BACKLINK IN THE SAME IBM RATIONAL CHANGE CR

Interim Fix 5 (5.3.1.1_iFix005)

Link

Date Released

Status

Download 5.3.1.1_iFix005

10 December 2015

Superseded

APAR

Internal ID

Description

PI42625

R#46781

SECTIONAL PAGE NAVIGATION NOT BEHAVING AS EXPECTED

PI47531

R#46854

CUSTOM BOOLEAN TASK ATTRIBUTE NOT HANDLED PROPERLY WITH THE TRIGGER CREATE_ASSOCIATED_TASK.JS

N/A

R#46905

SHARED REPORT IMMEDIATELY EXECUTION, “A SERVER ERROR HAS OCCURRED”

PI52614

R#46922

THE STATE OF A CHANGE DATABASE CHANGES AFTER A RESTART OF RATIONAL CHANGE

Interim Fix 4 (5.3.1.1_iFix004)

Link

Date Released

Status

Download 5.3.1.1_iFix004

23 September 2015

Superseded

APAR

Internal ID

Description

N/A

R#46319

Report Format Display when ‘run immediately’ does not use defined formatting

N/A

R#46612

Subscriber full name replaced by user login in Edit CR Subscription List dialog

N/A

R#46627

Submitters name not showing up using annotated text via email URL to access CR

N/A

R#46704

Wrong config key is used while showing external list box values in Queries tab

N/A

R#46774

JSON file parsing issue in Dynamic required attributes feature.

N/A

R#46833

[5311-04]: NPE observed while editing the report in homepage.

PI36465

R#46554

PreferenceNameSubstitutionForAllUsers deletes old preferences if a new preference already exists

PI37180

R#46575

transition_notice.pl needs to be tweaked to handle all email configurations properly

PI37285

R#46582

Particular user is unable to access CRs after saving a favorite user

PI38761

R#46624

Bulk transitions fails when one or more related CRs are not in required state

PI39242

R#46636

CCM_DATE attribute is missing the SUB_ATTR_ prefix resp. suffix

PI40716

R#46696

Obsolete http setup instructions in Rational Change 5.3.1.1 Knowledgecenter

PI41439

R#46731

Rational Change groups page error “com.telelogic.tds.engine.ldap.jndi.TDSUser incompatible …”

PI42230

R#46782

SUBMIT FORM FOR CR NOT AUTOPOPULATING USER DATA FROM RDS DATABASE AS EXPECTED

PI43688

R#46765

EXTERNAL LISTBOX SCRIPT BASELINEINFO.JS FAILS

PI44179

R#46771

THE ‘WHAT TASKS ARE NOT IN THE LATEST BUILD?’ QUERY BROKEN IN RATIONAL CHANGE 5.3 AND 5.3.1

PI44230

R#46783

IBM KNOWLEDGE CENTER DOCUMENTATION ON CONFIGURING CHANGE FOR SSH/TLS IS INCORRECT AND OUTDATED

PI44586

R#46784

PERL API CONFUSE THE ACTIONS OF TWO PARALLEL RUNNING OPERATIONS

PI44662

R#46785

BASELINEINFO.JS DOES NOT REPORT ANY RELEASE FOR THE TARGET_RELEASE IN THE ECP PACKAGE WITH CHANGE 5.3…1.1.IFIX03

PI45701

R#46779

CANNOT CREATE MULTIPLE IMPLEMENTED BY LINKS TO CR IN RATIONAL CHANGE

PI47024

R#46845

CORPORATE USERS NOT ABLE TO LOGIN TO CHANGE ADMIN INTERFACE WITH ACTIVE “DYNAMIC PRIVILEGES WITH PROJECT SECURITY” FEATURE

Interim Fix 3 (5.3.1.1_iFix003)

Link

Date Released

Status

Download 5.3.1.1_iFix003

26 March 2015

Superseded

APAR

Internal ID

Description

N/A

R#40772

Ability to use password resource file in login CSAPI function to avoid unencrypted passwords in files

N/A

R#45890

IE 11 Compatible mode - back button of browser of IE11 does not work as intended

N/A

R#46012

Home page browsable queries are not working in IE 11 compatibility mode

N/A

R#46261

Browse query fails

N/A

R#46304

submission of a CR results in error ‘unknown attribute type’

N/A

R#46305

Unable to redefine Query limits for reports with Block Reports

N/A

R#46335

Entering a comment with …/ will cause entry to be ignored by IBM Rational Change when saving CR

PI29136

R#46347

Upper-case AD username and lower-case Change username issues

N/A

R#46390

ldap.user_group_refresh_interval_mins=0 is ignored

N/A

R#46433

Open Source Direct Web Remoting vulnerability - Reported in 11/14/2014 X-Force Report

PI33297

R#46468

Rational Change Query Issue: Failed to convert user

PI33391

R#46472

Cookie not cleared upon logout using Change

N/A

R#46490

Pagination in relational report option fails when using “immediately run report” option

PI34624

R#46500

Change configured with https fails to open Synergy dialogs

PI34899

R#46510

After upgrade displaying a CR reports ParseWsletBuffer WsletException

N/A

R#46526

Rational Change 5.3.1.1 Word Block reports display special characters (Umlauts) incorrectly

Interim Fix 2 (5.3.1.1_iFix002)

Link

Date Released

Status

Download 5.3.1.1_iFix002

19 August 2014

Superseded

APAR

Internal ID

Description

N/A

R#46084

Critical Security Vulnerability in RDS Client library. Review Security Bulletin: Critical Security Vulnerability in RDS Client library affecting Rational Change (CVE-2014-3089) for details.

PI21781

R#46104

Certain character patterns cause text fields to appear blank after submission

PI21826

R#46106

CCM_DATE control in Rational Change 5.3.1.1 ifix 001 broken

N/A

R#46150

Change login works with wrong case username

PI23450

R#46153

unable to set default value on submission dialog for attribute

PI20491

R#46043

Change 5.3.1 vulnerable to ‘clickjacking’

Interim Fix 1 (5.3.1.1_iFix001)

Link

Date Released

Status

Download 5.3.1.1_iFix001

26 June 2014

Superseded

APAR

Internal ID

Description

N/A

R#45793

Add security tech notes link to “Security Considerations” in Change help.

PI15623

R#45876

Running an MS Excel report in Rational Change adds new cells before and after indented text

PI15714

R#45880

Changing Java maximum heap size for Jetty on Unix incorrectly documented

N/A

R#45886

mirrored_attribute of type time does not use the format of CCM_DATE attribute

PI16257

R#45901

Homepages with (German) umlaut characters do not display correctly

PI16933

R#45924

Bad warning when modifying CCM_EXTENDED_TEXT webtype in Lifecycle Editor

N/A

R#45940

Saving process .xml hangs due to validation.js file

PI17595

R#45947

ECP_MULTISELECT Inherit problem

N/A

R#45952

Calendar widget not displaying correctly in Change 5.3.1.1

PI18914

R#45993

Backlinks not created from test execution record in RQM to Rational Change using OSLC

PI19937

R#46031

Password Field with Autocomplete Enabled

Fix Pack 1 (5.3.1.1)

Link

Date Released

Status

Download 5.3.1.1

27 March 2014

Superseded

APAR

Internal ID

Description

N/A

R#45489

Rational Change shows warning “This application will be blocked in a future Java security update …”

N/A

R#45491

Ok to “Discard Edit” does not remove the unsaved modification when a task is also created

PI08627

R#45539

Rational Change install log “Failed to execute registry command, cannot read or write to registry” warning

PI08690

R#45543

Generating a process package using IBM Rational Change floods event.log with PTGenerate: Invalid Action errors

N/A

R#45566

Missing Token Error in Change event log

PI10195

R#45609

OSLC URL “https://[Server]/change/oslc/db/[DB]/role/User/shape/change_request” is failing to return data

N/A

R#45633

Certificate used to digitally sign applet expires on March 2014

N/A

R#45649

Embedded URL within email may not be accessible to recipient.

PI11355

R#45653

Running an IBM Rational Change advanced search fails and returns an error in MS Internet Explorer

N/A

R#45673

Security issues reported by AppScan on scanning 5.3.1.1

PI11679

R#45674

Rational Change users get the Rational Change login screen for every MS Excel report hyperlink they select

PI13933

R#45812

CHANGE_HOME/jetty/bin/jetty.sh is missing the line JETTY_RUN=$JETTY_HOME

Mod Pack 1 (5.3.1)

Link

Date Released

Status

Download 5.3.1

21 November 2013

Superseded

APAR

Internal ID

Description

PM43215

R#40868

Installing change fails with error: Failed to copy integrations directory to Change run area.

PM62150

R#42763

Value of NULL shows up in label below chart in Trend Analysis with Value breakdown graph

PM64888

R#43014

Problems setting value for ‘purpose’ listbox attribute

PM66266

R#43106

Should be able to display whitespace in readonly text fields on show forms

PM70692

R#43429

Error message “CRCHG0956E Cannot identify listbox priority.” when clicking task

PM73590

R#43658

Logging of OS in Console Mode crashes the Change Service

PM75068

R#43704

REPORT_LINKS_USE_TOKEN should be removed from all controls

PM75217

R#43755

Behavior of ‘Delete’ for Attachments is incorrect when Read-Write security is enabled

PM84635

R#44302

Select and Copy is not available for ‘Home Page’ reports.

PM95358

R#44995

User required to login to popup dialogs when switching databases

N/A

R#40505

Unable to do number comparisons in Change Query dialog

N/A

R#43800

As a Change administrator I want to configure dynamically required attribute on Change server

N/A

R#43857

As a Change user I want DRA rules to be applied on various forms in Change like Show, Submit and Transition forms

N/A

R#44037

As a Change Administrator, I want DRA rules to map to specific lifecycle / CR process while enforcing DRA rules for a user

N/A

R#44478

Documentation: Dynamic required attributes

N/A

R#43138

Dojo Framework outdated

N/A

R#44300

IE10 Support for Change/Synergy

N/A

R#44829

Allow homepages to be database specific

N/A

R#44842

Mechanism to allow a user to select specific home page reports to run on load of the home page

N/A

R#42410

OPC: Documentation needed for Change installation in secure environments

N/A

R#42412

OPC - Documentation is vague and should be expanded on security rules for lifecycle customization.

N/A

R#43816

A Query With No Matches Does Not Need to Display the Query Text

N/A

R#33076

Bundle Jetty 8.1.3 with the Change installer

N/A

R#44117

Remove tokens from URLs used in internal action links

N/A

R#45223

Upgrade the RCL client libraries to 8.1.3.3 version for all platforms

N/A

R#44531

(UTF-8) Japanese name query/format is unable to be set as home page.

N/A

R#44930

The crAssignEmail.pl hangs if there is no reference to resolver in LDAP

N/A

R#45005

Translate Change 5.3.1 in Japanese and Chinese

N/A

R#45008

modifyObjectattribute API does not log the info to transition log

N/A

R#45237

When Change consumes RTC OSLC services, backlink on RTC does not get created

N/A

R#31132

Chart Legends show ellipsis (…) even if it is not desired

N/A

R#31281

Database name shown as null on trends chart

N/A

R#40897

Change-SA OSLC integration: Description field is readonly in Submit CR dialog

N/A

R#41684

Problems with Installer dialog in both languages.

N/A

R#43641

OSLC state predicates are not defined for dev_process

N/A

R#43730

RRC fails to allow users to update “Desc” field while CREATING a “Rational Change” artifact thru link type “Implemented By” and “Tracked By”. This function blocks SAVE operation.

N/A

R#44075

Transition to new cryptographic standards is required for SWG products - by 2013

N/A

R#44215

OSLC Picker for Rational Change inserts %20 instead of spaces

N/A

R#44406

Session Sharing implementation in Rational Change

N/A

R#44441

Security considerations - Change IC topic

N/A

R#44520

Change Trigger API object is not available for external listbox.

N/A

R#44650

Maintain unique attachment names

N/A

R#44651

Check-in “RDS_Tivoli_521_ifix01” client libraries.

N/A

R#44665

R#44075: Change the encryption algorithm from PBEWithMD5AndDES to AES

N/A

R#44715

R#44075: Enable TLS 1.2 and be prepared to disable protocols less than TLS 1.2

N/A

R#44758

Merge ECP_process_1.xml with ECP_process.xml

N/A

R#44970

Matrix report is missing the part of the attribute name surrounded by the brackets

N/A

R#45010

Queries with ‘<’ or ‘>’ in their names fail

N/A

R#45037

Rdf generated for Change OSLC has invalid value for rdf:Id

N/A

R#45039

Associated tasks limit does not warn any longer when limit is exceeded.

N/A

R#45043

No results returned when querying tracksChangeSet through OSLC on a stand alone Change server

N/A

R#45091

Make RDF generated by Change valid.

N/A

R#45344

Documentation updates required for Change, Synergy and Integrations.

N/A

R#45074

PreTVT:Chinese characters in installation panel are not clear enough to read

N/A

R#45172

ModifyObjectAttributes api has missing ; in the stated example

N/A

R#45389

Sign applet jar with timestamp.

Table of Contents:

5.3.2 Fix Pack 5

5.3.2.4 Interim Fix 01

5.3.2 Fix Pack 4

5.3.2 Fix Pack 3

5.3.2 Fix Pack 2

5.3.2.1 Interim Fix 01

5.3.2 Fix Pack 1

5.3 Mod Pack 2

5.3.2 Fix Pack 5

Link

Date Released

Status

Download 5.3.2.5

30 September 2022

Current

APAR

Internal ID

Description

PH43246

R#47631

RATIONAL CHANGE USER INTERFACE SHOWS ‘HTTP ERROR 500’ WHEN DEFAULT HOME PAGE IS SELECTED

PH43875

R#47644

RATIONAL CHANGE 5.3.2 PROCESS PACKAGE UNINSTALLATION FAILS ON WINDOWS 2016

PH33172

R#47642

LOGGING INTO RATIONAL CHANGE USING A DATABASE THAT HAS A SPACE IN ITS LABEL RESULTS IN HTTP ERROR 500

PH09743

R#47638

THE ‘INSERT NAME AND TIMESTAMP’ BUTTON IN RATIONAL CHANGE ECP ENTERS DATA TO WRONG LOCATION WHEN USING INTERNET EXPLORER 11

PH14268

R#47641

CCM_DATE FIELD IS INCORRECTLY UPDATED BY HITTING ENTER KEY IN AN IRRELEVANT TEXT FIELD

PH17391

R#47643

INSTALLING A REPOR 5.3.1 REPORT BUILDER FAILS WITH ERROR CRCHG0559ET FROM BASIC_SUMMARY.XML IN RATIONAL CHANGE

PH30617

R#47645

ANY PRIVILEGE ADDED TO ECP_PROCESS WILL NOT BE AVAILABLE UNDER RATIONAL CHANGE USER MANAGEMENT

PI99783

NA

RATIONAL CHANGE “APPLICATION BLOCKED BY JAVA SECURITY” MESSAGE IN RATIONAL CHANGE 5.3.1.2

PH45454

R#47635

RATIONAL CHANGE 5.3.2.3 MULTI-LINE TEXT IN A DBTYPE:TEXT ATTRIBUTE IS SHOWN IN A SINGLE LINE WHEN READ-ONLY

PH46625

R#47671

RUNNING MS EXCEL REPORT IN RATIONAL CHANGE ADDS NEW CELLS BEFORE AND AFTER INDENTED TEXT

PH48234

R#47651

NEW HOMEPAGES CANNOT BE CREATED IN RATIONAL CHANGE 5.3.2.X USING RECENT CHROME OR EDGE BROWSER VERSIONS

PH48342

R#47681

IN RATIONAL CHANGE 5.3.2.3 FILE ENGINE.JS, UTIL.JS AND QUICK_SEARCH.JS WERE CHANGED

Interim Fix 1 (5.3.2.4_iFix001)

Link

Date Released

Status

Download 5.3.2.4_iFix001

04 March 2022

Superseded

APAR

Internal ID

Description

PH47085

R#47650

RATIONAL CHANGE 5.3.2 VULNERABILITY TO CVE-2021-4104

5.3.2 Fix Pack 4

Link

Date Released

Status

Download 5.3.2.4

15 December 2021

Superseded

APAR

Internal ID

Description

PH41198

R#47624

NEW PROCESS SPECIFIC HELP IMPROVEMENTS

PH40360

R#47603

CREATING PROCESS PACKAGE FAILS WITH “FAILED TO MERGE WITH PACKAGE” IN RATIONAL CHANGE 5.3.2.3

PH38363

R#47618

LOGIN TO RATIONAL CHANGE 5.3.2.X WITH 3RD-PARTY LDAP FAILS WITH EMPTY ERROR MESSAGE WHEN USING WRONG USERID OR PASSWORD.

PH41029

R#47622

USER HOME PAGES DISAPPEAR FROM RATIONAL CHANGE 5.3.2 USER INTERFACE WHEN USING RDS 5.2.1 FOR USER AUTHENTICATION

PH29944

R#47621

ERRONEOUS COMMA IN CHANGE_HOME\JETTY\WEBAPPS\CHANGE\TRAPEZE\JS531\CUSTOMDOJO\BROWSECRTREE.JS

PH39395

NA

RATIONAL CHANGE 5.3.2.3 PACKAGE CREATION WRONGLY CREATES AN IMAGE FILE IN $CHANGE_HOME/JETTY

5.3.2 Fix Pack 3

Link

Date Released

Status

Download 5.3.2.3

25 June 2021

Superseded

APAR

Internal ID

Description

PH11898

R#47588

CANNOT EDIT THE EXISTING STANDARD HOME PAGES IN RATIONAL CHANGE WHEN [CCM_SYSTEM][SUPPORT_TASKS] IN PT.CFG FILE IS SET TO FALSE.

PH30871

R#47587

UNINSTALLING ECP_PROCESS PACKAGE FAILS IN RATIONAL CHANGE 5.3.2 ON WINDOWS 2016.

PH08909

R#47589

MESSAGE IN A EXCEL FORMAT REPORT IS GARBLED.

PI98963

R#47592

EDITING A TASK OR PROBLEM TEXT ATTRIBUTE IN RATIONAL CHANGE WILL ADD A CARRIAGE RETURN BEFORE THE NEWLINE.

5.3.2 Fix Pack 2

Link

Date Released

Status

Download 5.3.2.2

01 December 2020

Superseded

APAR

Internal ID

Description

PI93499

NA

User Home pages disappear from Rational Change user interface after 5.3.1.1 iFix 14 applied.

Interim Fix 1 (5.3.2.1_iFix001)

Link

Date Released

Status

Download 5.3.2.1_iFix001

07 September 2020

Superseded

APAR

Internal ID

Description

PH24338

R#47498

CROSS-SITE SCRIPTING VULNERABILITIES PRESENT IN RATIONAL CHANGE 5.3.1.1 AND 5.3.1.2.

PH24346

R#47498

VULNERABILITIES FOUND IN CHANGE DURING PENETRATION TESTING.

5.3.2 Fix Pack 1

Link

Date Released

Status

Download 5.3.2.1

14 August 2020

Superseded

APAR

Internal ID

Description

N/A

Mod Pack 2 (5.3.2)

Link

Date Released

Status

Download 5.3.2

23 June 2020

Superseded

APAR

Internal ID

Description

N/A

R#47439

With Eclipse-Change integration, Change CR’s are getting populated in Eclipse.

N/A

R#47431

HTTPS configuration is supported with Change.

Related news

Red Hat Security Advisory 2024-5856-03

Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

Gentoo Linux Security Advisory 202312-02

Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.

Gentoo Linux Security Advisory 202310-16

Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-34917: Apache Kafka

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

Gentoo Linux Security Advisory 202209-02

Gentoo Linux Security Advisory 202209-2 - Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. Versions less than 8.1.13.3 are affected.

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

RHSA-2022:5459: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:

  • CVE-2020-13935: tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
  • CVE-2020-14384: jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
  • CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JM...

RHSA-2022:5458: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:

  • CVE-2020-13935: tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
  • CVE-2020-14384: jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
  • CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
  • CVE-2022-23302: log...

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2020-35198: Wind River

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

CVE-2019-2808: Oracle Critical Patch Update Advisory - July 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2628: Oracle Critical Patch Update Advisory - April 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2455: Oracle Critical Patch Update Advisory - January 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2018-3064: CPU July 2018

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

CVE-2018-2637: Oracle Critical Patch Update - January 2018

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/A...

CVE-2017-3600: Oracle Critical Patch Update Advisory - April 2017

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2016-5612: Oracle Critical Patch Update - October 2016

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVE-2015-0391: Oracle Critical Patch Update Advisory - January 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2015-0395: Oracle Critical Patch Update Advisory - January 2015

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-4288: Oracle Critical Patch Update - October 2014

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.

CVE-2014-6469: Oracle Critical Patch Update - October 2014

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

CVE-2014-4260: Oracle Critical Patch Update - July 2014

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
