IBM Cúram Social Program Management is affected by session timeout issues. In these vulnerabilities, some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system.
CVEID:CVE-2022-22318
**DESCRIPTION:** IBM Curam Social Program Management does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2022-22317
**DESCRIPTION:** IBM Curam Social Program Management does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
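The defect class in both CVEs is a session that stays valid on the server after the user has logged out or exceeded the idle limit. The following is an added illustration, not IBM Cúram code, of a minimal server-side session store that contrasts that weak behaviour (logout clears only the browser cookie, and no idle check is enforced) with the corrected behaviour (the server discards the record on logout and on timeout, and every endpoint, modal dialogs included, goes through the same check). The timeout value, the `FakeClock`, the user name and all function names are assumptions made for the example.

```python
"""Added illustration (not IBM Cúram code): a minimal server-side session
store contrasting the defect class in this advisory, a session that survives
logout or idle timeout, with the corrected behaviour. The timeout value and
all names below are assumptions for the example."""
import secrets
import time

IDLE_TIMEOUT_SECONDS = 900  # assumed idle limit; not a Cúram setting


class FakeClock:
    """Constructed clock so the idle timeout can be exercised without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class SessionStore:
    def __init__(self, clock=time.monotonic, enforce=True):
        # enforce=False reproduces the defect: logout and idle timeout are not
        # enforced on the server, so an old session id keeps working.
        self._clock = clock
        self._enforce = enforce
        self._sessions = {}  # session id -> {"user": str, "last_seen": float}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def logout(self, sid):
        # The weak variant only tells the browser to drop its cookie; the
        # server-side record survives and the id still authenticates.
        if self._enforce:
            self._sessions.pop(sid, None)
        return {"Set-Cookie": "SESSIONID=; Max-Age=0; Path=/"}

    def authenticate(self, sid):
        """Every endpoint, ordinary pages and modal dialogs alike, must call this."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if self._enforce and now - rec["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[sid]  # expire on the server, not just in the client
            return None
        rec["last_seen"] = now
        return rec["user"]


def session_reuse_after_logout(enforce):
    """Return the user the store still reports for an id after logout."""
    store = SessionStore(enforce=enforce)
    sid = store.login("caseworker_a")  # constructed user name
    store.logout(sid)
    return store.authenticate(sid)


def session_reuse_after_timeout(enforce):
    """Return the user the store still reports for an id past the idle limit."""
    clock = FakeClock()
    store = SessionStore(clock=clock, enforce=enforce)
    sid = store.login("caseworker_a")
    clock.advance(IDLE_TIMEOUT_SECONDS + 1)
    return store.authenticate(sid)


if __name__ == "__main__":
    print("weak, after logout  :", session_reuse_after_logout(False))   # caseworker_a
    print("fixed, after logout :", session_reuse_after_logout(True))    # None
    print("weak, after timeout :", session_reuse_after_timeout(False))  # caseworker_a
    print("fixed, after timeout:", session_reuse_after_timeout(True))   # None
```

The practical check this models is the one a verifier of the fix would run: after a logout, and separately after the idle limit has passed, present the old session id to each entry point of the application (including dialogs that open in their own request path) and confirm the server rejects it rather than relying on the browser having dropped the cookie.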
| Affected Product(s) | Version(s) |
|---|---|
| Cúram SPM | 8.0.0 - 8.0.1 |

| Product | VRMF | Remediation |
|---|---|---|
| Cúram SPM | 8.0.1 | Visit IBM Fix Central and upgrade to 8.0.1_iFix4 or a subsequent 8.0.1 release. |
Based on current information, no IBM Cúram Social Program Management versions before V8 are impacted by the CVE-2022-22318 and CVE-2022-22317 vulnerabilities.