Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentIbmVULNRICHMENT:CVE-2022-38382
HistoryAug 13, 2024 - 1:01 a.m.

CVE-2022-38382 IBM Cloud Pak for Security session fixation

2024-08-1301:01:33
CWE-613
ibm
github.com
2
ibm cloud pak ibm qradar suite software cve-2022-38382 session fixation ibm x-force id 233672 sensitive information.

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0

Percentile

13.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:qradar_suite:1.10.23.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.11.0:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "QRadar Suite Software",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.12.0",
        "versionType": "semver",
        "lessThanOrEqual": "1.10.23.0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "IBM",
    "product": "Cloud Pak for Security",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "1.10.11.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

ibm 1
cvelist 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: IBM QRadar Suite software is vulnerable to invalid session timeout
2024-08-12 14:48:07
cvelist
cvelist
CVE-2022-38382 IBM Cloud Pak for Security session fixation
2024-08-13 01:01:33
nvd
nvd
CVE-2022-38382
2024-08-13 02:15:04
cve
cve
CVE-2022-38382
2024-08-13 02:15:04

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0

Percentile

13.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2022-38382
ibm1cvelist1nvd1cve1