CVE-2024-49354

IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7174120	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:concert:1.0.0:::::::*
	cpe:2.3:a:ibm:concert:1.0.1:::::::*
	cpe:2.3:a:ibm:concert:1.0.2:::::::*

History

08 Aug 2025, 02:10

Type	Values Removed	Values Added
First Time		Ibm Ibm concert
CPE		cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:1.0.1:::::::* cpe:2.3:a:ibm:concert:1.0.2:::::::*
References	~~() https://www.ibm.com/support/pages/node/7174120 -~~	() https://www.ibm.com/support/pages/node/7174120 - Vendor Advisory
Summary		(es) IBM Concert 1.0.0, 1.0.1 y 1.0.2 es vulnerable a la divulgación de información confidencial a través de llamadas API especiales manipulado.

18 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-18 16:15

Updated : 2025-08-08 02:10

NVD link : CVE-2024-49354

Mitre link : CVE-2024-49354

CVE.ORG link : CVE-2024-49354

JSON object : View

Products Affected

ibm

concert

CWE

CWE-213

Exposure of Sensitive Information Due to Incompatible Policies

5.3 /10