Vulnerabilities > IBM > Curam Social Program Management > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-22318 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
critical
 9.8
9.8
2022-06-20 CVE-2022-22317 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
critical
 9.8
9.8
2017-03-31 CVE-2016-6111 XXE vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1