Severity
Medium
Analysis Summary
CVE-2022-22318
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2022-22317
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-22318
- CVE-2022-22317
Affected Vendors
IBM
Affected Products
- IBM Curam Social Program Management 8.0.0
- IBM Curam Social Program Management 8.0.1
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.