Session Management Vulnerability in IBM Curam Social Program Management
CVE-2022-22318

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 20 June 2022

Summary

IBM Curam Social Program Management versions 8.0.0 and 8.0.1 exhibit a session management flaw that fails to properly invalidate user sessions upon logout. This oversight allows an authenticated user the potential to impersonate another user within the system, posing a significant security risk. Proper session handling is essential for ensuring user integrity and confidentiality within applications. It is crucial for users of affected versions to be aware of this issue and to apply any patches or updates provided by IBM to mitigate the risks associated with this vulnerability.

Affected Version(s)

Curam Social Program Management 8.0.0

Curam Social Program Management 8.0.1

References

https://www.ibm.com/support/pages/node/6596049

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/218283

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2022
Vulnerability Reserved
Jan 3, 2022