CVE-2024-22351 — Insufficient Session Expiration in IBM Infosphere Information Server

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

0.1%

top 64.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedApr 23

Latest updateApr 24

Description

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/infosphere_information_server11.7 — 11.7.1

▶CVEListV5ibm/infosphere_information_server11.7

🔴Vulnerability Details

GHSA

GHSA-79gg-w7m7-c3gc: IBM InfoSphere Information 11↗2025-04-24

▶

CVEList

IBM InfoSphere Information Server session fixation↗2025-04-23

▶