CVE-2022-41291
First published: Thu Oct 06 2022(Updated: )
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Infosphere Information Server | =11.7 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| <=11.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-41291?
CVE-2022-41291 is a vulnerability in IBM InfoSphere Information Server 11.7 that allows an authenticated user to impersonate another user on the system due to not invalidating the session after logout.
How severe is CVE-2022-41291?
CVE-2022-41291 has a severity rating of 6.5, which is classified as medium severity.
Which systems are affected by CVE-2022-41291?
IBM InfoSphere Information Server 11.7 is affected by CVE-2022-41291.
How can I fix CVE-2022-41291?
To fix CVE-2022-41291, you should apply the patch provided by IBM, which can be found at [https://www.ibm.com/support/docview.wss?uid=ibm10878310](https://www.ibm.com/support/docview.wss?uid=ibm10878310).
Is IBM AIX affected by CVE-2022-41291?
No, IBM AIX is not vulnerable to CVE-2022-41291.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/tags
- agent/softwarecombine
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm infosphere information server
- version/ibm infosphere information server/11.7
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows