Vulnerability Details : CVE-2022-38383
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.
Products affected by CVE-2022-38383
- IBM » Cloud Pak For SecurityVersions from including (>=) 1.10.0.0 and up to, including, (<=) 1.10.11.0cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*
- IBM » Cloud Pak For SecurityVersions from including (>=) 1.10.0.0 and up to, including, (<=) 1.10.11.0cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38383
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-38383
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.8
|
1.4
|
NIST | 2024-08-01 |
|
4.0
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.5
|
1.4
|
IBM Corporation | 2024-06-28 |
CWE ids for CVE-2022-38383
-
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.Assigned by: psirt@us.ibm.com (Secondary)
References for CVE-2022-38383
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/233673
IBM Cloud Pak for Security information disclosure CVE-2022-38383 Vulnerability ReportVDB Entry
-
https://www.ibm.com/support/pages/node/7158986
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposureVendor Advisory
Jump to