CVE-2022-38386
published 2024-05-01CVE-2022-38386: IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | cloud_pak_for_security | 1.10.0.0 – 1.10.11.0 | — |
| ibm | qradar_suite | 1.10.12.0 – 1.10.19.0 | — |
| ibm | qradar_suite_for_software | 1.10.12.0 – 1.10.19.0 | — |