CVE-2011-2682 - Vulnerability Details - OpenCVE

The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Doors Web Access

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_doors_web_access:1.4:::::::*
	cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.1:::::::*
	cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.2:::::::*
	cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.3:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477
http://www.ibm.com/support/docview.wss?uid=swg27020404
http://www.securityfocus.com/bid/48520
https://exchange.xforce.ibmcloud.com/vulnerabilities/68484

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-07-07T19:00:00

Updated: 2024-08-06T23:08:23.819Z

Reserved: 2011-07-07T00:00:00

Link: CVE-2011-2682

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-07-07T19:55:03.460

Modified: 2024-11-21T01:28:45.260

Link: CVE-2011-2682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "PM38477", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477"}, {"name": "48520", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48520"}, {"name": "rational-doors-login-dos(68484)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "PM38477", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477"}, {"name": "48520", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48520"}, {"name": "rational-doors-login-dos(68484)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg27020404", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.819Z"}, "title": "CVE Program Container", "references": [{"name": "PM38477", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477"}, {"name": "48520", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48520"}, {"name": "rational-doors-login-dos(68484)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2682", "datePublished": "2011-07-07T19:00:00", "dateReserved": "2011-07-07T00:00:00", "dateUpdated": "2024-08-06T23:08:23.819Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_doors_web_access:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2347864E-CE89-4040-9E3B-BD313EDC9D72", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D802796-E44F-4CE1-8E76-052B68A155B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D9E4780-5519-4AF5-A09A-51B2CDAE4001", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_doors_web_access:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "997B0415-9629-4EF6-B681-FA44A38258FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login."}, {"lang": "es", "value": "El componente de inicio de sesi\u00f3n en IBM Rational DOORS Web Access v1.4.x antes de v1.4.0.4 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de licencia) al tratar de acceder a DOORS Web Access con una nueva cuenta de usuario que nunca ha sido utilizado para un inicio de sesi\u00f3n de DOORS."}], "id": "CVE-2011-2682", "lastModified": "2024-11-21T01:28:45.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-07T19:55:03.460", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/48520"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}