PT-2015-4482 · IBM · IBM WebSphere Application Server+2

Published: 2015-05-30 · Updated: 2016-12-03 · CVE-2015-0121

CVSS v2.0: 3.7 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Rational Requirements Composer versions 3.0 through 3.0.1.6
IBM Rational Requirements Composer versions 4.0 through 4.0.7
Rational DOORS Next Generation (RDNG) versions 4.0 through 4.0.7
Rational DOORS Next Generation (RDNG) versions 5.0 through 5.0.2

Description

The issue occurs when LTPA single sign-on is used with WebSphere Application Server. It allows remote attackers to obtain access by leveraging an unattended workstation, as the Requirements Management (RM) session is not terminated upon LTPA token expiration.

Recommendations

For IBM Rational Requirements Composer versions 3.0 through 3.0.1.6, update the configuration to terminate the RM session upon LTPA token expiration.
For IBM Rational Requirements Composer versions 4.0 through 4.0.7, update the configuration to terminate the RM session upon LTPA token expiration.
For Rational DOORS Next Generation (RDNG) versions 4.0 through 4.0.7, update the configuration to terminate the RM session upon LTPA token expiration.
For Rational DOORS Next Generation (RDNG) versions 5.0 through 5.0.2, update the configuration to terminate the RM session upon LTPA token expiration.

Fix

Related identifiers

CVE-2015-0121

Affected products

IBM Rational Requirements Composer
IBM Rational DOORS Next Generation
IBM WebSphere Application Server