CVE-2022-38382

Summary

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

Affected Software

VendorProductVersion RangeStatus
IBMQRadar Suite Software1.10.12.0 <= 1.10.23.0affected
IBMCloud Pak for Security1.10.0.0 <= 1.10.11.0affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References