Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1

Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1

CVE-2022-22318 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Learn more about our Social Engineering.