CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
50.4%
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | rational_requirements_composer | 3.0 | cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.1 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.2 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.3 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.4 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.5 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 3.0.1.6 | cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 4.0 | cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:* |
ibm | rational_requirements_composer | 4.0.0 | cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:* |