CVE-2022-38386
MEDIUM
IBM Cloud Pak for Security <1.10.11.0 - Info Disclosure
Title source: llm
Description
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
References (2)
Core References
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7149811
Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778
Scores
CVSS v3
5.9
EPSS
0.0007
EPSS Percentile
21.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1275
Status
published
Products (2)
ibm/cloud_pak_for_security
1.10.0.0 - 1.10.11.0
ibm/qradar_suite
1.10.12.0 - 1.10.19.0
Published
May 01, 2024
Tracked Since
Feb 18, 2026