What is CVE-2022-38382?

CVE-2022-38382 is a medium-severity vulnerability in Ibm Cloud Pak For Security, classified under Insufficient Session Expiration. CVSS score: 4.7/10. Published 2024-08-13.

How severe is CVE-2022-38382?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Is CVE-2022-38382 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Cloud Pak For Security

CVE-2022-38382

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information…

EPSS: 0.001 (25.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N.

Affected products

Ibm Cloud Pak For Security — versions 1.10.0.0
Ibm Qradar Suite Software — versions 1.10.12.0

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.ibm.com/support/pages/node/7165286 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/233672 (vdb-entry)

Frequently asked questions

What is CVE-2022-38382?: CVE-2022-38382 is a medium-severity vulnerability in Ibm Cloud Pak For Security, classified under Insufficient Session Expiration. CVSS score: 4.7/10. Published 2024-08-13.
How severe is CVE-2022-38382?: Medium severity. CVSS v3 base score is 4.7 out of 10.
Is CVE-2022-38382 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.