Overview
- Description
- IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.1
- Impact score
- 1.4
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- psirt@us.ibm.com
- CWE-613
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18",
"versionEndIncluding": "1.10.11.0",
"versionStartIncluding": "1.10.0.0"
},
{
"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "681CAB61-9525-422C-91F5-10AAEC7BC1BD",
"versionEndIncluding": "1.10.23.0",
"versionStartIncluding": "1.10.12.0"
}
],
"operator": "OR"
}
]
}
]