CVE-2024-52367: Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Concert Software

Severity

NVD: 7.5 HIGH
CNA: 5.3
EPSS: 0.1% (top 71.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 7

Description

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: ibm/concert_software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3
NVD: ibm/concert (5 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-hj6w-6w27-6783: IBM Concert Software 1 (2025-01-07)
CVEList: IBM Concert Software information disclosure (2025-01-07)