Lucene search

IbmCVELIST:CVE-2022-41291

HistoryOct 06, 2022 - 12:00 a.m.

CVE-2022-41291

2022-10-0600:00:00

ibm

www.cve.org

ibm

infosphere

session

vulnerability

impersonation

authentication

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "InfoSphere Information Server",
    "versions": [
      {
        "version": "11.7",
        "status": "affected"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/236699

www.ibm.com/support/pages/node/6823109

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

Related for CVELIST:CVE-2022-41291