CVE-2022-22318
Severity
9.8CRITICAL
EPSS
0.1%
top 70.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 20
Latest updateJun 21
Description
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9