CVE-2024-43173 — Sensitive Cookie with Improper SameSite Attribute in IBM Concert

Severity

3.7LOWNVD

EPSS

0.1%

top 74.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 22

Description

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

▶CVEListV5ibm/concert1.0.0, 1.0.1

▶NVDibm/concert1.0.0, 1.0.1+1

CVEList

IBM Concert information disclosure↗2024-10-22

▶

GHSA

GHSA-5r8w-hmfj-p69p: IBM Concert 1↗2024-10-22

▶