IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Curam_social_program_management | Ibm | 8.0.0 (including) | 8.0.0 (including) |
Curam_social_program_management | Ibm | 8.0.1 (including) | 8.0.1 (including) |