Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for QRadar Suite for Software by IBM

    CVE-2022-38386 (GCVE-0-2022-38386)

    Vulnerability from nvd – Published: 2024-05-01 12:48 – Updated: 2024-08-03 10:54
    VLAI
    Title
    IBM Cloud Pak for Security information disclosure
    Summary
    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cloud Pak for Security Affected: 1.10.0.0 , ≤ 1.10.11.0 (semver)
    Create a notification for this product.
    IBM QRadar Suite for Software Affected: 1.10.12.0 , ≤ 1.10.19.0 (semver)
    Create a notification for this product.
    ibm cloud_pak_for_security Affected: 1.10.0.0 , ≤ 1.10.11.0 (semver)
        cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    ibm qradar_suite Affected: 1.10.12.0 , ≤ 1.10.19.0 (semver)
        cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloud_pak_for_security",
                "vendor": "ibm",
                "versions": [
                  {
                    "lessThanOrEqual": "1.10.11.0",
                    "status": "affected",
                    "version": "1.10.0.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qradar_suite",
                "vendor": "ibm",
                "versions": [
                  {
                    "lessThanOrEqual": "1.10.19.0",
                    "status": "affected",
                    "version": "1.10.12.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T15:13:52.205598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:16:50.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7149811"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Pak for Security",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.11.0",
                  "status": "affected",
                  "version": "1.10.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QRadar Suite for Software",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.19.0",
                  "status": "affected",
                  "version": "1.10.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.  IBM X-Force ID:  233778."
                }
              ],
              "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.  IBM X-Force ID:  233778."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1275",
                  "description": "CWE-1275 Sensitive Cookie with Improper SameSite Attribute",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T12:48:12.167Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7149811"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak for Security information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-38386",
        "datePublished": "2024-05-01T12:48:12.167Z",
        "dateReserved": "2022-08-16T18:42:49.432Z",
        "dateUpdated": "2024-08-03T10:54:03.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38386 (GCVE-0-2022-38386)

    Vulnerability from cvelistv5 – Published: 2024-05-01 12:48 – Updated: 2024-08-03 10:54
    VLAI
    Title
    IBM Cloud Pak for Security information disclosure
    Summary
    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Cloud Pak for Security Affected: 1.10.0.0 , ≤ 1.10.11.0 (semver)
    Create a notification for this product.
    IBM QRadar Suite for Software Affected: 1.10.12.0 , ≤ 1.10.19.0 (semver)
    Create a notification for this product.
    ibm cloud_pak_for_security Affected: 1.10.0.0 , ≤ 1.10.11.0 (semver)
        cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    ibm qradar_suite Affected: 1.10.12.0 , ≤ 1.10.19.0 (semver)
        cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloud_pak_for_security",
                "vendor": "ibm",
                "versions": [
                  {
                    "lessThanOrEqual": "1.10.11.0",
                    "status": "affected",
                    "version": "1.10.0.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qradar_suite",
                "vendor": "ibm",
                "versions": [
                  {
                    "lessThanOrEqual": "1.10.19.0",
                    "status": "affected",
                    "version": "1.10.12.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T15:13:52.205598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:16:50.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7149811"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Pak for Security",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.11.0",
                  "status": "affected",
                  "version": "1.10.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "QRadar Suite for Software",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.19.0",
                  "status": "affected",
                  "version": "1.10.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.  IBM X-Force ID:  233778."
                }
              ],
              "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.  IBM X-Force ID:  233778."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1275",
                  "description": "CWE-1275 Sensitive Cookie with Improper SameSite Attribute",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T12:48:12.167Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7149811"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233778"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak for Security information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-38386",
        "datePublished": "2024-05-01T12:48:12.167Z",
        "dateReserved": "2022-08-16T18:42:49.432Z",
        "dateUpdated": "2024-08-03T10:54:03.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }