Summaryinfo

A vulnerability was found in IBM Cognos Command Center 10.2.4.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. This vulnerability is handled as CVE-2022-38707. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability has been found in IBM Cognos Command Center 10.2.4.1 (Business Process Management Software) and classified as problematic. Affected by this vulnerability is an unknown code. The manipulation with an unknown input leads to a session expiration vulnerability. The CWE definition for the vulnerability is CWE-613. According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." As an impact it is known to affect confidentiality. The summary by CVE is:

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

The weakness was disclosed 05/05/2023. It is possible to read the advisory at ibm.com. This vulnerability is known as CVE-2022-38707 since 08/23/2022. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (234179). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Business Process Management Software

Vendor

• IBM

Name

• Cognos Command Center

Version

• 10.2.4.1

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion