CVE-2022-22318 MEDIUM

CVE-2022-22318

Vendor Ibm
Product Curam Social Program Management
Published June 20, 2022
Last update September 16, 2024

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/PR:N/AV:L/A:L/I:L/S:U/AC:L/UI:N/C:L/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Key dates

02Disclosure timeline

June 20, 2022 CVE published
September 16, 2024 Record updated