Unauthorized Access to Sensitive Information Possible After Logout
CVE-2022-38382
4.1MEDIUM
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 13 August 2024
What is CVE-2022-38382?
A session management issue exists in IBM Cloud Pak for Security (CP4S) and IBM QRadar Suite. This vulnerability allows a user to bypass session invalidation upon logout, potentially enabling unauthorized access to user sessions. As a result, another authenticated user may be able to retrieve sensitive information that should have been secured post-logout. Users of the affected versions should consider applying available patches and enhancing session management practices to safeguard sensitive data.
Affected Version(s)
Cloud Pak for Security 1.10.0.0 <= 1.10.11.0
QRadar Suite Software 1.10.12.0 <= 1.10.23.0