CVE-2024-43181
published 2026-02-04CVE-2024-43181: IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | concert | >= 1.0.0 < 2.2.0 | 2.2.0 |
| ibm | concert | 1.0.0 – 2.1.0 | — |