IBM Cloud Pak for Security information disclosure
CVE-2022-38386
5.9 MEDIUM
Key Information
- Vendor: IBM
- Status
- Cloud Pak For Security
- QRadar Suite For Software
- CVE Published: 1 May 2024
Summary
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
Affected Version(s)
Cloud Pak for Security <= 1.10.11.0
QRadar Suite for Software <= 1.10.19.0
References
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database