CVE-2024-52360

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 67.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Concert Software IBM Concert

Timeline

PublishedNov 19

Description

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5ibm/concert_software1.0.0, 1.0.1, 1.0.2, 1.0.2.1

▶NVDibm/concert4 versions+3

🔴Vulnerability Details

CVEList

IBM Concert Software SQL injection↗2024-11-19

▶

GHSA

GHSA-7p5f-7qpj-wpgq: IBM Concert Software 1↗2024-11-19

▶