MEDIUM🇬🇧 English

CVE-2022-38386

CVSS 5.9v3.1pub. 2024-05-01upd. 2025-08-13

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • IBM Cloud Pak For Security

    APP
    Ibm
    1.10.0.0 – 1.10.11.0
  • IBM Qradar Suite

    APP
    Ibm
    1.10.12.0 – 1.10.19.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-25022CRITICAL9.6PL ✓ten sam produkt

IBM QRadar Suite / Cloud Pak for Security: ujawnienie danych w plikach konfiguracyjnych

CVE-2021-20578CRITICAL9.8ten sam produkt

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform un...

CVE-2021-20538CRITICAL9.1ten sam produkt

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or pe...

CVE-2020-4627CRITICAL9.0ten sam produkt

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could exec...

CVE-2025-25021HIGH7.2ten sam produkt

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0...

CVE-2022-38386 — MEDIUM 5.9 | CVEbaza.pl