Jun 17, 2022 - 1:52 p.m.

Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)

2022-06-17 13:52:56
www.ibm.com
EPSS: 0.001 (Low)
Percentile: 51.1%

Summary

IBM Cúram Social Program Management is affected by session timeout issues. In these vulnerabilities, some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system.

Vulnerability Details

CVEID: CVE-2022-22318
**DESCRIPTION:** IBM Cúram Social Program Management does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2022-22317
**DESCRIPTION:** IBM Cúram Social Program Management does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Cúram SPM | 8.0.0 - 8.0.1 |

Remediation/Fixes

| Product | VRMF | Remediation |
| --- | --- | --- |
| Cúram SPM | 8.0.1 | Visit IBM Fix Central and upgrade to 8.0.1_iFix4 or a subsequent 8.0.1 release. |

Workarounds and Mitigations

Based on current information, no IBM Cúram Social Program Management versions before V8 are impacted by the CVE-2022-22318 and CVE-2022-22317 vulnerabilities.
