VIR Vulnerability Intelligence Relay

CVE-2015-0132

high
Published 2015-03-18 · Modified 2026-05-06
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21698248

Application impact
VendorProductVersionsFixed
ibm ibmrational_requirements_composer2.0
ibm ibmrational_requirements_composer2.0.0.1
ibm ibmrational_requirements_composer2.0.0.2
ibm ibmrational_requirements_composer2.0.0.3
ibm ibmrational_requirements_composer2.0.0.4
ibm ibmrational_requirements_composer3.0
ibm ibmrational_requirements_composer3.0.1
ibm ibmrational_requirements_composer3.0.1.1
ibm ibmrational_requirements_composer3.0.1.2
ibm ibmrational_requirements_composer3.0.1.3
ibm ibmrational_requirements_composer3.0.1.4
ibm ibmrational_requirements_composer3.0.1.5
ibm ibmrational_requirements_composer3.0.1.6
ibm ibmrational_requirements_composer4.0
ibm ibmrational_requirements_composer4.0.0
ibm ibmrational_requirements_composer4.0.0.1
ibm ibmrational_requirements_composer4.0.0.2
ibm ibmrational_requirements_composer4.0.1
ibm ibmrational_requirements_composer4.0.2
ibm ibmrational_requirements_composer4.0.3
ibm ibmrational_requirements_composer4.0.4
ibm ibmrational_requirements_composer4.0.5
ibm ibmrational_requirements_composer4.0.6
ibm ibmrational_requirements_composer4.0.7
ibm ibmrational_doors_next_generation4.0.0
ibm ibmrational_doors_next_generation4.0.1
ibm ibmrational_doors_next_generation4.0.2
ibm ibmrational_doors_next_generation4.0.3
ibm ibmrational_doors_next_generation4.0.4
ibm ibmrational_doors_next_generation4.0.5
ibm ibmrational_doors_next_generation4.0.6
ibm ibmrational_doors_next_generation4.0.7
ibm ibmrational_doors_next_generation5.0
ibm ibmrational_doors_next_generation5.0.1

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.