CVE-2022-38386 : IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suit

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Published 2024-05-01 13:15:48

Updated 2024-05-01 19:50:26

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2022-38386

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2022-38386

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-38386

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	IBM Corporation	2024-05-01
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-38386

CWE-1275 Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

Assigned by: psirt@us.ibm.com (Primary)

References for CVE-2022-38386

https://exchange.xforce.ibmcloud.com/vulnerabilities/233778

IBM Cloud Pak for Security information disclosure CVE-2022-38386 Vulnerability Report
https://www.ibm.com/support/pages/node/7149811

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)

Jump to

Vulnerability Details : CVE-2022-38386

Products affected by CVE-2022-38386

Exploit prediction scoring system (EPSS) score for CVE-2022-38386

CVSS scores for CVE-2022-38386

CWE ids for CVE-2022-38386

References for CVE-2022-38386