2 matches found
CVE-2022-22317
CVE-2022-22317 affects IBM Cúram Social Program Management 8.0.0–8.0.1. A code issue causes the session not to be invalidated after logout, enabling an authenticated user to impersonate another user. Connected sources (CNVD-2022-54649, IBM bulletin) confirm the root cause and affected versions, a...
Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)
Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...