CVE-2022-38383

4.0 MEDIUM

📋 TL;DR

This vulnerability allows web pages to be stored locally in IBM Cloud Pak for Security and IBM QRadar Software Suite, which can then be read by other users on the same system. It affects IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite versions 1.10.12.0 through 1.10.21.0. The issue stems from improper web page storage that lacks proper access controls.

💻 Affected Systems

Products:
  • IBM Cloud Pak for Security
  • IBM QRadar Software Suite
Versions: IBM Cloud Pak for Security: 1.10.0.0 through 1.10.11.0; IBM QRadar Software Suite: 1.10.12.0 through 1.10.21.0
Operating Systems: Not OS-specific - affects the applications themselves
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of the specified versions. Requires local user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive information from locally stored web pages could be accessed by unauthorized users on the same system, potentially exposing configuration data, session information, or other sensitive content.

🟠 Likely Case

Local users with access to the system could read web pages containing potentially sensitive information that should be restricted.

🟢 If Mitigated

With proper access controls and user separation, the impact is limited to information disclosure within controlled environments.

🌐 Internet-Facing: LOW - This is a local information disclosure vulnerability that requires access to the local system.
🏢 Internal Only: MEDIUM - Internal users with access to the affected systems could potentially read sensitive information from locally stored web pages.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system where the affected software is installed. The vulnerability involves reading locally stored files that should be protected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM Cloud Pak for Security 1.10.12.0 and later; IBM QRadar Software Suite 1.10.22.0 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158986

Restart Required: Yes

Instructions:

1. Download the latest version from IBM Fix Central.
2. Follow IBM's upgrade documentation for your specific product.
3. Apply the update following IBM's deployment procedures.
4. Restart the application/services as required.

🔧 Temporary Workarounds

Restrict Local User Access

all

Limit local user access to systems running affected software to only authorized administrators.

Implement strict access controls using your operating system's user/group permissions

File Permission Hardening

all

Review and tighten file permissions on web page storage directories to prevent unauthorized reading.

Review file permissions in application directories and restrict to necessary users only

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can access the affected systems
  • Monitor for unusual file access patterns and implement additional logging for web page storage directories

🔍 How to Verify

Check if Vulnerable:

Check the installed version of IBM Cloud Pak for Security or IBM QRadar Software Suite against the affected version ranges.

Check Version:

Check product documentation for version verification commands specific to your deployment.

Verify Fix Applied:

Verify the installed version is IBM Cloud Pak for Security 1.10.12.0+ or IBM QRadar Software Suite 1.10.22.0+.
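
The range check above can be run over an asset inventory. The following is an added example, not IBM's or this page's own tooling: the version ranges are copied from this page, while the host names, the inventory and the function names are constructed for illustration. Versions are compared numerically, because a plain string comparison would sort 1.10.9.0 after 1.10.11.0.

```python
# Added example: ranges come from this page; inventory and helper names are constructed.
import re

CP4S = "IBM Cloud Pak for Security"
QRADAR = "IBM QRadar Software Suite"

# product -> (first affected, last affected, first fixed), as stated on this page
RANGES = {
    CP4S: ((1, 10, 0, 0), (1, 10, 11, 0), (1, 10, 12, 0)),
    QRADAR: ((1, 10, 12, 0), (1, 10, 21, 0), (1, 10, 22, 0)),
}

def parse_version(text):
    """Turn 'v1.10.9.0' or '1.10.9' into a 4-tuple of ints, padding with zeros."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){1,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(product, version_text):
    """Return affected / fixed / outside-listed-ranges / unparseable / unknown-product."""
    if product not in RANGES:
        return "unknown-product"
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unparseable"  # needs a manual check, never assume it is patched
    first, last, fixed = RANGES[product]
    if first <= v <= last:
        return "affected"
    if v >= fixed:
        return "fixed"
    return "outside-listed-ranges"  # not covered by the page; check the vendor advisory

INVENTORY = [  # constructed sample data
    ("host-a", CP4S, "1.10.9.0"),
    ("host-b", QRADAR, "v1.10.15.0"),
    ("host-c", QRADAR, "1.10.22.0"),
    ("host-d", CP4S, "1.10.12"),
    ("host-e", QRADAR, "latest"),
]

def audit(inventory):
    return {host: classify(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```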

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns to web page storage directories
  • Multiple failed access attempts to protected files

Network Indicators:

  • Not applicable - this is a local vulnerability

SIEM Query:

Look for file access events in application directories by non-privileged users or unusual access patterns.
