CVE-2022-38386

Summary

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Security1.10.0.0 <= 1.10.11.0affected
IBMQRadar Suite for Software1.10.12.0 <= 1.10.19.0affected

Weaknesses

  • CWE-1275: CWE-1275 Sensitive Cookie with Improper SameSite Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References