CVE-2022-22317

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 70.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Curam Social Program Management

Timeline

PublishedJun 20

Latest updateJun 21

Description

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/curam_social_program_management8.0.0, 8.0.1+1

▶NVDibm/curam_social_program_management8.0.0, 8.0.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-24vj-7479-5mqc: IBM Curam Social Program Management 8↗2022-06-21

▶

CVEList

CVE-2022-22317: IBM Curam Social Program Management 8↗2022-06-20

▶