← back
CVE-2022-38382

IBM Cloud Pak for Security session fixation

CVSS 4.7 MEDIUMEPSS 0.3%CWE-613
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected products
IBM · Cloud Pak for SecurityIBM · QRadar Suite Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/233672https://www.ibm.com/support/pages/node/7165286