Unauthorized Access to Sensitive Information Possible After Logout
CVE-2022-38382
4.1 MEDIUM
Key Information
- Vendor: IBM
- Status
- Qradar Suite Software
- Cloud Pak For Security
- CVE Published: 13 August 2024
Summary
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate the session after logout, which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.
Affected Version(s)
QRadar Suite Software <= 1.10.23.0
Cloud Pak for Security <= 1.10.11.0
CVSS V3.1
Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Risk change from: 4.1 to: 4.7 - (MEDIUM)
Risk change from: 4.1 to: 4.7 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database