CVE-2022-38707: IBM Cognos Command Center information disclosure
First published: Thu May 04 2023(Updated: )
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Command Center | <=10.2.4.1 | |
| IBM Cognos Command Center | =10.2.4.1 | |
| IBM Cognos Command Center | <=10.2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-38707?
The severity of CVE-2022-38707 is medium with a severity value of 5.5.
How does IBM Cognos Command Center 10.2.4.1 allow information disclosure?
IBM Cognos Command Center 10.2.4.1 allows information disclosure due to insufficient session expiration.
What is the IBM X-Force ID associated with CVE-2022-38707?
The IBM X-Force ID associated with CVE-2022-38707 is 234179.
How can I fix the vulnerability in IBM Cognos Command Center 10.2.4.1?
To fix the vulnerability in IBM Cognos Command Center 10.2.4.1, it is recommended to apply the necessary patches or updates provided by IBM.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-38707?
The Common Weakness Enumeration (CWE) ID for CVE-2022-38707 is 613.
- collector/nvd-latest
- collector/xforce-vulnerability
- alias/CVE-2022-38707
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cognos command center
- version/ibm cognos command center/10.2.4.1