IBM Cloud Pak for Security (CP4S) 1.10.0.0 up to and including 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 up to and including 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an malicious user to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778.