CVE-2022-38707: IBM Cognos Command Center information disclosure

Q: What is the severity of CVE-2022-38707?

The severity of CVE-2022-38707 is medium with a severity value of 5.5.

Q: How does IBM Cognos Command Center 10.2.4.1 allow information disclosure?

IBM Cognos Command Center 10.2.4.1 allows information disclosure due to insufficient session expiration.

Q: What is the IBM X-Force ID associated with CVE-2022-38707?

The IBM X-Force ID associated with CVE-2022-38707 is 234179.

Q: How can I fix the vulnerability in IBM Cognos Command Center 10.2.4.1?

To fix the vulnerability in IBM Cognos Command Center 10.2.4.1, it is recommended to apply the necessary patches or updates provided by IBM.

Q: What is the Common Weakness Enumeration (CWE) ID for CVE-2022-38707?

The Common Weakness Enumeration (CWE) ID for CVE-2022-38707 is 613.

Published May 4, 2023

Updated

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

Other sources

IBM Cognos Command Center could allow a local attacker to obtain sensitive information due to insufficient session expiration.

IBM Cognos Command Center information disclosure

Affected Software

3 affected components

IBM Cognos Command Center<=10.2.4.1

IBM Cognos Command Center=10.2.4.1

IBM Cognos Command Center<=10.2.4.1

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6983274

Event History

May 4, 2023

Advisory Published

12:00 AM

CVE Published

12:00 AM

May 5, 2023

CVE Published

via MITRE·01:54 PM

Data Sourced

via MITRE·01:54 PM

DescriptionSeverityWeakness

Data Sourced

02:15 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6983274

Frequently Asked Questions

What is the severity of CVE-2022-38707?

The severity of CVE-2022-38707 is medium with a severity value of 5.5.

How does IBM Cognos Command Center 10.2.4.1 allow information disclosure?