nvd-json-data-feeds/CVE-2022/CVE-2022-383xx/CVE-2022-38382.json

{
  "id": "CVE-2022-38382",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2024-08-13T02:15:04.730",
  "lastModified": "2024-09-21T10:15:02.680",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information.  IBM X-Force ID:  233672."
    },
    {
      "lang": "es",
      "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.23.0 no invalidan la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir que otro usuario obtenga informaci\u00f3n confidencial. ID de IBM X-Force: 233672."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@us.ibm.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@us.ibm.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.10.0.0",
              "versionEndIncluding": "1.10.11.0",
              "matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.10.12.0",
              "versionEndIncluding": "1.10.23.0",
              "matchCriteriaId": "681CAB61-9525-422C-91F5-10AAEC7BC1BD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233672",
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.ibm.com/support/pages/node/7165286",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}