CVE-2024-55913

CWE-22Path Traversal3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 52.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM ConcertIBM Concert Software
Timeline
PublishedMay 2

Description

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/concert_software1.0.01.0.5
NVDibm/concert1.0.01.1.0

🔴Vulnerability Details

2
GHSA
GHSA-c89j-4hr5-cjph: IBM Concert Software 12025-05-02
CVEList
IBM Concert Software path traversal2025-05-02
CVE-2024-55913 (MEDIUM CVSS 5.3) | IBM Concert Software 1.0.0 through | cvebase.io