Lucene search

IbmCVE-2015-0121

HistoryMay 30, 2015 - 7:59 p.m.

CVE-2015-0121

2015-05-3019:59:00

ibm

web.nvd.nist.gov

ibm

rational requirements composer

rdng

cve-2015-0121

security vulnerability

ltpa

websphere application server

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

50.4%

JSON

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibmrational_requirements_composerMatch3.0

ibmrational_requirements_composerMatch3.0.1

ibmrational_requirements_composerMatch3.0.1.1

ibmrational_requirements_composerMatch3.0.1.2

ibmrational_requirements_composerMatch3.0.1.3

ibmrational_requirements_composerMatch3.0.1.4

ibmrational_requirements_composerMatch3.0.1.5

ibmrational_requirements_composerMatch3.0.1.6

ibmrational_requirements_composerMatch4.0

ibmrational_requirements_composerMatch4.0.0

ibmrational_requirements_composerMatch4.0.0.1

ibmrational_requirements_composerMatch4.0.0.2

ibmrational_requirements_composerMatch4.0.1

ibmrational_requirements_composerMatch4.0.2

ibmrational_requirements_composerMatch4.0.3

ibmrational_requirements_composerMatch4.0.4

ibmrational_requirements_composerMatch4.0.5

ibmrational_requirements_composerMatch4.0.6

ibmrational_requirements_composerMatch4.0.7

Node

ibmrational_doors_next_generationMatch4.0.0

ibmrational_doors_next_generationMatch4.0.1

ibmrational_doors_next_generationMatch4.0.2

ibmrational_doors_next_generationMatch4.0.3

ibmrational_doors_next_generationMatch4.0.4

ibmrational_doors_next_generationMatch4.0.5

ibmrational_doors_next_generationMatch4.0.6

ibmrational_doors_next_generationMatch4.0.7

ibmrational_doors_next_generationMatch5.0

ibmrational_doors_next_generationMatch5.0.1

ibmrational_doors_next_generationMatch5.0.2

VendorProductVersionCPE
ibmrational_requirements_composer3.0cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.1cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.2cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.3cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.4cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.5cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*
ibmrational_requirements_composer3.0.1.6cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*
ibmrational_requirements_composer4.0cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*
ibmrational_requirements_composer4.0.0cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_requirements_composer	3.0	cpe:2.3:a:ibm:rational_requirements_composer:3.0:::::::*
ibm	rational_requirements_composer	3.0.1	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:::::::*
ibm	rational_requirements_composer	3.0.1.1	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:::::::*
ibm	rational_requirements_composer	3.0.1.2	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:::::::*
ibm	rational_requirements_composer	3.0.1.3	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:::::::*
ibm	rational_requirements_composer	3.0.1.4	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:::::::*
ibm	rational_requirements_composer	3.0.1.5	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:::::::*
ibm	rational_requirements_composer	3.0.1.6	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:::::::*
ibm	rational_requirements_composer	4.0	cpe:2.3:a:ibm:rational_requirements_composer:4.0:::::::*
ibm	rational_requirements_composer	4.0.0	cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:::::::*

Rows per page:

1-10 of 301

References

www-01.ibm.com/support/docview.wss?uid=swg21903761

www.securityfocus.com/bid/74910

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

50.4%

JSON

Related for CVE-2015-0121