CVE-2024-55910

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM ConcertIBM Concert Software
Timeline
PublishedMay 2

Description

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5ibm/concert_software1.0.01.0.5
NVDibm/concert1.0.01.1.0

🔴Vulnerability Details

2
GHSA
GHSA-9qwv-3x3p-rg99: IBM Concert Software 12025-05-02
CVEList
IBM Concert Software server-side request forgery2025-05-02
CVE-2024-55910 (MEDIUM CVSS 6.5) | IBM Concert Software 1.0.0 through | cvebase.io