CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22318
https://notcve.org/view.php?id=CVE-2022-22318
20 Jun 2022 — IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22317
https://notcve.org/view.php?id=CVE-2022-22317
20 Jun 2022 — IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro en el sistema. IBM X-Force ID: 218281 • https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39068
https://notcve.org/view.php?id=CVE-2021-39068
11 Apr 2022 — IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. IBM Curam Social Program Management versiones 8.0.1 y 7.0.11, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •