Session Management Flaw in IBM Rational Requirements Composer and DOORS Next Generation
CVE-2015-0121

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Requirements Composer
Vendor: CVE Published:; 30 May 2015

What is CVE-2015-0121?

A session management vulnerability exists in IBM Rational Requirements Composer and Rational DOORS Next Generation when using LTPA single sign-on with WebSphere Application Server. This flaw prevents the termination of a Requirements Management session upon the expiration of an LTPA token. As a result, remote attackers can exploit this vulnerability by accessing an unattended workstation, potentially gaining unauthorized access to sensitive information and functionalities.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21903761

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74910

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2015
Vulnerability Reserved
Nov 18, 2014