Uaa · Uaa · CVE-2025-22216
**Name of the Vulnerable Software and Affected Versions**
UAA (affected versions not specified)
**Description**
The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate IDP to re-use their `jsessionid` to access other zones.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.