CVE-2022-38386

CVSS v3 Score: 5.9 (Medium)

Vulnerability Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.

CVSS:5.5(Medium)

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site Request Forgery (CSRF).

CVSS:5.4(Medium)

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into mak...

CVSS:6.5(Medium)

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious w...

CVSS:9.8(Critical)

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
