CVE-2022-38386

🗓️ 01 May 2024 12:48:12Reported by ibmType

IBM Cloud Pak for Security and QRadar Suite do not set SameSite attribute for sensitive cookies, allowing attacker to obtain sensitive information using man-in-the-middle

Reporter	Title	Published	Views	Family All 9
CNNVD	IBM Cloud Pak for Security 和 IBM QRadar Suite 安全漏洞	1 May 202400:00	–	cnnvd
Cvelist	CVE-2022-38386 IBM Cloud Pak for Security information disclosure	1 May 202412:48	–	cvelist
EUVD	EUVD-2022-40972	3 Oct 202520:07	–	euvd
IBM Security Bulletins	Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)	30 Apr 202408:34	–	ibm
NVD	CVE-2022-38386	1 May 202413:15	–	nvd
OSV	CVE-2022-38386	1 May 202413:15	–	osv
Positive Technologies	PT-2024-5152 · Ibm · Ibm Cloud Pak For Security +1	30 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2022-38386	9 Jan 202609:15	–	redhatcve
Vulnrichment	CVE-2022-38386 IBM Cloud Pak for Security information disclosure	1 May 202412:48	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

ibm cloud_pak_for_securityRange1.10.0.0–1.10.11.0

ibm qradar_suiteRange1.10.12.0–1.10.19.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.11.0",
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QRadar Suite for Software",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.19.0",
        "status": "affected",
        "version": "1.10.12.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7149811
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/233778

13 Aug 2025 13:10Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.9

EPSS0.00069

SSVC

CWE-1275