CVE-2022-22318 - IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which c

CVE-2022-22318

Summary

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

References

Vulnerable Configurations

cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*

CVSS

Base:	6.5 (as of 28-06-2022 - 12:22)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

Last major update

28-06-2022 - 12:22

Published

20-06-2022 - 17:15

Last modified

28-06-2022 - 12:22