The IBM GSKit component used in Rational ClearCase and ClearQuest is susceptible to a Transport Layer Security protocol (used in HTTPS) vulnerability known as “Lucky Thirteen.” The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing data for crafted packets.
Remediation:
Upgrade to latest version: 7.1.2.12, 8.0.0.8 or 8.0.1.1
Learn more:
