CVE-2022-38386
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cloud Pak for Security | 1.10.0.0 <= 1.10.11.0 | affected |
| IBM | QRadar Suite for Software | 1.10.12.0 <= 1.10.19.0 | affected |
Weaknesses
- CWE-1275: CWE-1275 Sensitive Cookie with Improper SameSite Attribute
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7149811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/233778
References
- https://www.ibm.com/support/pages/node/7149811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/233778
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.