CVE-2022-38382

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
4.1MEDIUM
EPSS
0.1%
top 74.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite SoftwareIBM Qradar Suite
Timeline
PublishedAug 13

Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5ibm/qradar_suite_software1.10.12.01.10.23.0
NVDibm/qradar_suite1.10.12.01.10.23.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak for Security session fixation2024-08-13
GHSA
GHSA-r67g-69pq-w76x: IBM Cloud Pak for Security (CP4S) 12024-08-13
CVE-2022-38382 (MEDIUM CVSS 4.1) | IBM Cloud Pak for Security (CP4S) 1 | cvebase.io