IBM Cloud Pak for Security Vulnerability Allows Local File Access
CVE-2022-38383

3.3LOW

Key Information:

Vendor: IBM
Status: Cloud Pak For Security; Qradar Suite Software
Vendor: CVE Published:; 28 June 2024

Summary

A vulnerability has been identified in IBM Cloud Pak for Security and IBM QRadar Software Suite that allows local web pages to be stored and subsequently read by unauthorized users on the same system. This issue affects specific versions of these products, potentially leading to exposure of sensitive information. Organizations utilizing these platforms are encouraged to review the affected versions and implement recommended mitigations to safeguard against possible unauthorized access.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.10.21.0

References

https://www.ibm.com/support/pages/node/7158986

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/233673

vdb-entry

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Aug 16, 2022