CVE-2015-0121

Published

6 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Low

Impact Analysis

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation..

CVSSv2.0 Score

Severity: Low
Base Score: 3.7/10
Exploit Score: 1.9/10
Access Vector: Local
Access Complexity: High
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0::::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0::::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3::::	Yes	-	-
cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:5.0::::::	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:::::*	Yes	-	-

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni can help you to find, assess and manage your vulnerabilities.

Get Started for Free

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Supported by industry-leading vulnerability intelligence and CompTIA PenTest+ professionals, Mageni puts security expertise in your hands.

Internal and External Scans

Scan your internal and public assets for vulnerabilities.

Remediate

Get the recommendations to mitigate the risks and vulnerabilities.

Secure your Applications

Scan third-party applications like Java, Chrome, Adobe and more.

Comprehensive Coverage

Scan servers, workstations and network devices for vulnerabilities.

Report and Analyze

Receive a report of the vulnerabilities that affect your assets.

More visibility

Perform non-credentialed or credentialed scans.

Prioritize

Prioritize the vulnerabilities based on CVSS, severity and other variables.

SSL Certificates

Improve the security of your secure layer and certificates.

CVE-2015-0121

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial

Product

Customer Service

Company

Compliance

CVE-2015-0121

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References

Scan your vulnerabilities for free. Start using Mageni today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial