PT-2024-5152 · Ibm · Ibm Qradar Suite For+1

Ben Goodspeed +8 · Published 2024-04-30 · Updated 2025-08-13 · CVE-2022-38386

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.11.0; IBM QRadar Suite for Software versions 1.10.12.0 through 1.10.19.0

Description: The issue is related to errors in security settings, specifically the failure to set the SameSite attribute for sensitive cookies. This could allow an attacker to obtain sensitive information using man-in-the-middle techniques. The vulnerability may be exploited by a remote attacker to gain access to confidential information.

Recommendations: For IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.11.0, update the security settings to include the SameSite attribute for sensitive cookies. For IBM QRadar Suite for Software versions 1.10.12.0 through 1.10.19.0, update the security settings to include the SameSite attribute for sensitive cookies. As a temporary workaround, consider restricting access to sensitive cookies until the issue is resolved.
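
To verify the recommendation on a deployment, the Set-Cookie headers in responses can be audited for the SameSite attribute. The Python check below is an added example, not code from IBM or from this advisory; the cookie names and header strings are constructed samples, and the list of "sensitive" cookie names is an assumption the operator supplies.

```python
# Added example: audit Set-Cookie header values for the SameSite attribute.
# Cookie names and header strings are constructed, not IBM product output.

VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_set_cookie(header):
    """Return a list of SameSite findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append(f"{name}: SameSite attribute not set")
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append(f"{name}: invalid SameSite value {samesite!r}")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that lack Secure.
        findings.append(f"{name}: SameSite=None without Secure")
    return findings

def audit_response(set_cookie_headers, sensitive_names):
    """Audit only the cookies whose names are listed as sensitive."""
    results = []
    for header in set_cookie_headers:
        name, _ = parse_set_cookie(header)
        if name in sensitive_names:
            results.extend(audit_set_cookie(header))
    return results

# Constructed sample response headers.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly",
    "csrf_token=xyz; Path=/; Secure; SameSite=Strict",
    "auth=tok; Path=/; SameSite=None",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, {"session_id", "csrf_token", "auth"}):
        print(finding)
```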

Related Identifiers

BDU:2024-05699
CVE-2022-38386

Affected Products

IBM Cloud Pak for Security
IBM QRadar Suite For