CVE-2024-52891: Improper Output Neutralization for Logs in IBM Concert Software

Severity
5.4 MEDIUM (NVD)
EPSS
0.1%
top 74.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 7

Description

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5: ibm/concert_software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3
NVD: ibm/concert, 5 versions

Vulnerability Details (2)

CVEList: IBM Concert Software log manipulation (2025-01-07)
GHSA: GHSA-8h38-qx4m-2f5r: IBM Concert Software 1 (2025-01-07)