Vulnerabilities > CVE-2015-0121 - Local Privilege Escalation vulnerability in IBM products

047910
CVSS 3.7 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
ibm

Summary

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613: Insufficient Session Expiration</a>