CVE-2022-22318
CRITICAL
IBM Curam Social Program Management <8.0.2 - Privilege Escalation
Title source: llm
Description
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6596049
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/218283
Scores
CVSS v3
9.8
EPSS
0.0011
EPSS Percentile
29.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-613
Status
published
Products (2)
ibm/curam_social_program_management
8.0.0
ibm/curam_social_program_management
8.0.1
Published
Jun 20, 2022
Tracked Since
Feb 18, 2026