Missing SameSite Cookie in IBM CP4S & QRadar 1.10.x Enables MITM
CVE-2022-38386 Published on May 1, 2024

IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-38386 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used. The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: 'Lax', 'Strict', or 'None'. If the 'None' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).


Products Associated with CVE-2022-38386

stack.watch emails you whenever new vulnerabilities are published in IBM Cloud Pak For Security or IBM Qradar Suite. Just hit a watch button to start following.

IBM Cloud Pak For Security
 
IBM Qradar Suite
 

Affected Versions

IBM Cloud Pak for Security: IBM QRadar Suite for Software: ibm cloud_pak_for_security: ibm qradar_suite:

Exploit Probability

EPSS
0.07%
Percentile
20.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.