VIR Vulnerability Intelligence Relay

CVE-2015-0121

low
Published 2015-05-30 · Modified 2026-05-06
CVSS v3
CVSS v2
3.7
VIR risk
3.7

Description

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21903761

Application impact
VendorProductVersionsFixed
ibmrational_requirements_composer3.0
ibmrational_requirements_composer3.0.1
ibmrational_requirements_composer3.0.1.1
ibmrational_requirements_composer3.0.1.2
ibmrational_requirements_composer3.0.1.3
ibmrational_requirements_composer3.0.1.4
ibmrational_requirements_composer3.0.1.5
ibmrational_requirements_composer3.0.1.6
ibmrational_requirements_composer4.0
ibmrational_requirements_composer4.0.0
ibmrational_requirements_composer4.0.0.1
ibmrational_requirements_composer4.0.0.2
ibmrational_requirements_composer4.0.1
ibmrational_requirements_composer4.0.2
ibmrational_requirements_composer4.0.3
ibmrational_requirements_composer4.0.4
ibmrational_requirements_composer4.0.5
ibmrational_requirements_composer4.0.6
ibmrational_requirements_composer4.0.7
ibmrational_doors_next_generation4.0.0
ibmrational_doors_next_generation4.0.1
ibmrational_doors_next_generation4.0.2
ibmrational_doors_next_generation4.0.3
ibmrational_doors_next_generation4.0.4
ibmrational_doors_next_generation4.0.5
ibmrational_doors_next_generation4.0.6
ibmrational_doors_next_generation4.0.7
ibmrational_doors_next_generation5.0
ibmrational_doors_next_generation5.0.1
ibmrational_doors_next_generation5.0.2

References

Verify integrity in audit chain (admin only). AS-IS.