CVE-2022-38382: IBM Cloud Pak for Security session fixation
First published: Mon Aug 12 2024(Updated: )
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Security | <=1.10.0.0 - 1.10.11.0 | |
| IBM QRadar Suite Software | <=1.10.12.0 - 1.10.23.0 | |
| IBM Cloud Pak for Security | >=1.10.0.0<=1.10.11.0 | |
| IBM QRadar Suite | >=1.10.12.0<=1.10.23.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/title
- agent/weakness
- agent/references
- agent/type
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm cloud pak for security
- version/ibm cloud pak for security/1.10.0.0 - 1.10.11.0
- canonical/ibm qradar suite software
- version/ibm qradar suite software/1.10.12.0 - 1.10.23.0
- version/ibm cloud pak for security/1.10.0.0
- version/ibm cloud pak for security/1.10.11.0
- canonical/ibm qradar suite
- version/ibm qradar suite/1.10.12.0
- version/ibm qradar suite/1.10.23.0