CVE-2022-38386

CWE-12753 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 78.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite FOR SoftwareIBM Qradar Suite
Timeline
PublishedMay 1

Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

CVEListV5ibm/qradar_suite_for_software1.10.12.01.10.19.0
NVDibm/qradar_suite1.10.12.01.10.19.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak for Security information disclosure2024-05-01
GHSA
GHSA-3fp6-h65v-mprr: IBM Cloud Pak for Security (CP4S) 12024-05-01
CVE-2022-38386 (MEDIUM CVSS 5.9) | IBM Cloud Pak for Security (CP4S) 1 | cvebase.io