IBM Cloud Pak for Security information disclosure

CVE-2022-38386

5.9MEDIUM

Key Information

Vendor
IBM
Status
Cloud Pak For Security
Qradar Suite For Software
Vendor
CVE Published:
1 May 2024

Summary

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Affected Version(s)

Cloud Pak for Security <= 1.10.11.0

QRadar Suite for Software <= 1.10.19.0

Refferences

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.