Vulnerability in IBM Concert Affecting Cookie Management
CVE-2024-43173

3.7LOW

Key Information:

Vendor
IBM
Status
Concert
Vendor
CVE Published:
22 October 2024

Summary

IBM Concert versions 1.0.0 and 1.0.1 have a vulnerability related to cookie management that allows for potential exploitation by leveraging the absence of the SameSite attribute in cookies. This flaw enables malicious entities to perform cross-site request forgery (CSRF) and similar attacks, highlighting the necessity for developers to implement secure cookie practices to mitigate such risks. Immediate measures should be taken to update to safer coding standards to ensure user data protection and system integrity.

References

https://www.ibm.com/support/pages/node/7173596

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.