CVE-2024-41757

CWE-319Cleartext TransmissionCWE-3113 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 77.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Concert SoftwareIBM Concert
Timeline
PublishedJan 24

Description

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/concert_software1.0.0, 1.0.1+1
NVDibm/concert1.0.0, 1.0.1+1

🔴Vulnerability Details

2
CVEList
IBM Concert Software information disclosure2025-01-24
GHSA
GHSA-73x8-ccpr-jw52: IBM Concert Software 12025-01-24
CVE-2024-41757 (MEDIUM CVSS 5.9) | IBM Concert Software 1.0.0 and 1.0. | cvebase.io