PT-2023-13637 · Ibm · Ibm Cognos Command Center
Published
2023-05-05
·
Updated
2023-05-11
·
CVE-2022-38707
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Command Center version 10.2.4.1
Description
The issue allows a local attacker to obtain sensitive information due to insufficient session expiration.
Recommendations
For IBM Cognos Command Center version 10.2.4.1, consider implementing proper session expiration mechanisms to prevent sensitive information disclosure. As a temporary workaround, restrict access to sensitive data until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Command Center