Session Management Flaw in IBM Curam Social Program Management
CVE-2022-22317

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 20 June 2022

Summary

The IBM Curam Social Program Management versions 8.0.0 and 8.0.1 are susceptible to a session management vulnerability. This issue arises due to the application failing to invalidate sessions post-logout, which may allow an authenticated user to impersonate another user. This vulnerability compromises user authentication and can lead to unauthorized access to sensitive information and functionalities within the system.

Affected Version(s)

Curam Social Program Management 8.0.0

Curam Social Program Management 8.0.1

References

https://www.ibm.com/support/pages/node/6596049

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/218281

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2022
Vulnerability Reserved
Jan 3, 2022