CVE-2015-0121

3 documents3 sources

Severity

3.7LOW

EPSS

0.2%

top 58.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Doors Next Generation IBM Rational Requirements Composer

Timeline

PublishedMay 30

Latest updateMay 17

Description

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/rational_doors_next_generation11 versions+10

▶NVDibm/rational_requirements_composer19 versions+18

🔴Vulnerability Details

GHSA

GHSA-c9cr-fjpc-6g3v: IBM Rational Requirements Composer 3↗2022-05-17

▶

CVEList

CVE-2015-0121: IBM Rational Requirements Composer 3↗2015-05-30

▶