PT-2015-4482 · IBM · IBM WebSphere Application Server +2
Published: 2015-05-30 · Updated: 2016-12-03
CVE-2015-0121
CVSS v2.0: 3.7 (Low)
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM Rational Requirements Composer versions 3.0 through 3.0.1.6
IBM Rational Requirements Composer versions 4.0 through 4.0.7
Rational DOORS Next Generation (RDNG) versions 4.0 through 4.0.7
Rational DOORS Next Generation (RDNG) versions 5.0 through 5.0.2
Description
The issue occurs when LTPA single sign-on is used with WebSphere Application Server: the Requirements Management (RM) session is not terminated when the LTPA token expires, which allows remote attackers to obtain access by leveraging an unattended workstation.
Recommendations
For IBM Rational Requirements Composer versions 3.0 through 3.0.1.6, update the configuration to terminate the RM session upon LTPA token expiration.
For IBM Rational Requirements Composer versions 4.0 through 4.0.7, update the configuration to terminate the RM session upon LTPA token expiration.
For Rational DOORS Next Generation (RDNG) versions 4.0 through 4.0.7, update the configuration to terminate the RM session upon LTPA token expiration.
For Rational DOORS Next Generation (RDNG) versions 5.0 through 5.0.2, update the configuration to terminate the RM session upon LTPA token expiration.
Fix
Related Identifiers
Affected Products
IBM Rational Requirements Composer
IBM Rational DOORS Next Generation
IBM WebSphere Application Server