Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38386

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Published

2024-05-01T13:15:47.960

Last Modified

2025-08-13T13:10:35.387

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1275

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cloud_pak_for_security	≤ 1.10.11.0	Yes
Application	ibm	qradar_suite	≤ 1.10.19.0	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/7149811 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7149811 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)