Information Disclosure Vulnerability in IBM Concert Software
CVE-2024-41757

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 24 January 2025

What is CVE-2024-41757?

IBM Concert Software versions 1.0.0 and 1.0.1 are vulnerable due to inadequate implementation of HTTP Strict Transport Security (HSTS). This oversight can be exploited by remote attackers using man-in-the-middle techniques, potentially leading to the exposure of sensitive information. Properly configuring HSTS is critical to safeguard against unauthorized data interception.

Affected Version(s)

Concert Software 1.0.0, 1.0.1

References

https://www.ibm.com/support/pages/node/7173596

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jul 22, 2024