IBM Cloud Pak for Security information disclosure

CVE-2022-38386

5.9MEDIUM

Key Information

Vendor: IBM
Status: Cloud Pak For Security; Qradar Suite For Software
Vendor: CVE Published:; 1 May 2024

Summary

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Affected Version(s)

Cloud Pak for Security <= 1.10.11.0

QRadar Suite for Software <= 1.10.19.0

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 1, 2024
Vulnerability Reserved.
Aug 16, 2022

Collectors

NVD DatabaseMitre Database