Vulnerability Description
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Requirements Composer | 3.0 |
| Ibm | Rational Doors Next Generation | 4.0.0 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21903761Vendor Advisory
- http://www.securityfocus.com/bid/74910
- http://www-01.ibm.com/support/docview.wss?uid=swg21903761Vendor Advisory
- http://www.securityfocus.com/bid/74910
FAQ
What is CVE-2015-0121?
CVE-2015-0121 is a vulnerability with a CVSS score of 3.7 (LOW). IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with We...
How severe is CVE-2015-0121?
CVE-2015-0121 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0121?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Requirements Composer, Ibm Rational Doors Next Generation.