{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-30T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903761"}, {"name": "74910", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74910"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21903761", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903761"}, {"name": "74910", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74910"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0121", "datePublished": "2015-05-30T19:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2016-11-30T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "IBM Rational Requirements Composer 3.0 hasta 3.0.1.6 y 4.0 hasta 4.0.7 y Rational DOORS Next Generation (RDNG) 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, cuando el 'Single Sign On' de LTPA est\u00e1 utilizado con WebSphere Application Server, no terminan una sesi\u00f3n de Requirements Management (RM) cuando caduca el token LTPA, lo que permite a atacantes remotos obtener el acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/613.html\">CWE-613: Insufficient Session Expiration</a>", "id": "CVE-2015-0121", "lastModified": "2016-12-03T03:02:16.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-30T19:59:00.083", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903761"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/74910"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}