CVE-2022-38386

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

BM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778	Vendor Advisory
https://www.ibm.com/support/pages/node/7149811	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/233778	Vendor Advisory
https://www.ibm.com/support/pages/node/7149811	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_security::::::::
	cpe:2.3:a:ibm:qradar_suite::::::::

History

13 Aug 2025, 13:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:qradar_suite:::::::: cpe:2.3:a:ibm:cloud_pak_for_security::::::::
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 - Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7149811 -~~	() https://www.ibm.com/support/pages/node/7149811 - Vendor Advisory
First Time		Ibm Ibm qradar Suite Ibm cloud Pak For Security

21 Nov 2024, 07:16

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 -
References	~~() https://www.ibm.com/support/pages/node/7149811 -~~	() https://www.ibm.com/support/pages/node/7149811 -

01 May 2024, 19:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 13:15

Updated : 2025-08-13 13:10

NVD link : CVE-2022-38386

Mitre link : CVE-2022-38386

CVE.ORG link : CVE-2022-38386

JSON object : View

Products Affected

CWE

CWE-1275

Sensitive Cookie with Improper SameSite Attribute

{"id": "CVE-2022-38386", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-05-01T13:15:47.960", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/7149811", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7149811", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1275"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778."}, {"lang": "es", "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite for Software 1.10.12.0 a 1.10.19.0 no configuran el atributo SameSite para cookies confidenciales que podr\u00edan permitir a un atacante obtener informaci\u00f3n confidencial mediante t\u00e9cnicas man-in-the-middle. ID de IBM X-Force: 233778."}], "lastModified": "2025-08-13T13:10:35.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18", "versionEndIncluding": "1.10.11.0", "versionStartIncluding": "1.10.0.0"}, {"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64379CF5-6600-48FB-B012-01610D214DC6", "versionEndIncluding": "1.10.19.0", "versionStartIncluding": "1.10.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}