CVE-2022-38382

MEDIUM Year: 2022
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-613
View all →

Vulnerability Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

Related Vulnerabilities

CVE-2019-3867

MEDIUM
CVSS:4.1(Medium)

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's cont...

CWE-6132019

CVE-2023-4126

MEDIUM
CVSS:4.1(Medium)

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.

CWE-6132023

CVE-2023-5838

MEDIUM
CVSS:4.1(Medium)

Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.

CWE-6132023

CVE-2020-4995

MEDIUM
CVSS:4.0(Medium)

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 1...

CWE-6132020

CVE-2021-29868

MEDIUM
CVSS:4.0(Medium)

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.

CWE-6132021

CVE-2025-1198

MEDIUM
CVSS:4.2(Medium)

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allow...

CWE-6132025