CVE-2015-0121

EUVD-2015-0159
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
ibmrational_requirements_composer
3.0
ibmrational_requirements_composer
3.0.1
ibmrational_requirements_composer
3.0.1.1
ibmrational_requirements_composer
3.0.1.2
ibmrational_requirements_composer
3.0.1.3
ibmrational_requirements_composer
3.0.1.4
ibmrational_requirements_composer
3.0.1.5
ibmrational_requirements_composer
3.0.1.6
ibmrational_requirements_composer
4.0
ibmrational_requirements_composer
4.0.0
ibmrational_requirements_composer
4.0.0.1
ibmrational_requirements_composer
4.0.0.2
ibmrational_requirements_composer
4.0.1
ibmrational_requirements_composer
4.0.2
ibmrational_requirements_composer
4.0.3
ibmrational_requirements_composer
4.0.4
ibmrational_requirements_composer
4.0.5
ibmrational_requirements_composer
4.0.6
ibmrational_requirements_composer
4.0.7
ibmrational_doors_next_generation
4.0.0
ibmrational_doors_next_generation
4.0.1
ibmrational_doors_next_generation
4.0.2
ibmrational_doors_next_generation
4.0.3
ibmrational_doors_next_generation
4.0.4
ibmrational_doors_next_generation
4.0.5
ibmrational_doors_next_generation
4.0.6
ibmrational_doors_next_generation
4.0.7
ibmrational_doors_next_generation
5.0
ibmrational_doors_next_generation
5.0.1
ibmrational_doors_next_generation
5.0.2
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg21903761
http://www.securityfocus.com/bid/74910
http://www-01.ibm.com/support/docview.wss?uid=swg21903761
http://www.securityfocus.com/bid/74910