Rational Requirements Composer
CVE-2015-0132
HIGH
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:C
Lifecycle Timeline
1DescriptionCVE.org
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
AnalysisAI
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-399. The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. Affected products include: Ibm Rational Requirements Composer, Ibm Rational Doors Next Generation. Version information: before 4.0.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFi
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVS
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to dis
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4),
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact a
Same weakness CWE-399 – Resource Management Errors
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today