CVE Record: CVE-2022-38386

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

CWE 1 Total

CWE-1275: CWE-1275 Sensitive Cookie with Improper SameSite Attribute

CVSS 1 Total

Product Status

Versions 1 Total

Default Status: unaffected

affected

Versions 1 Total

Default Status: unaffected

affected

References 2 Total

https://www.ibm.com/support/pages/node/7149811
external site
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778
external site
vdb-entry

Updated: 2024-08-03

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://www.ibm.com/support/pages/node/7149811
external site
vendor-advisoryx_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778
external site
vdb-entryx_transferred

Authorized Data Publishers