CVE-2022-22317 - IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which c

CVE-2022-22317

Summary

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

References

Vulnerable Configurations

cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*

CVSS

Base:	7.5 (as of 28-06-2022 - 12:23)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

28-06-2022 - 12:23

Published

20-06-2022 - 17:15

Last modified

28-06-2022 - 12:23