IBM Concert 1.0 Security Vulnerability: Token and Session Cookie Exposure
CVE-2024-43180

4.3MEDIUM

Key Information:

Vendor

IBM
Status
Concert
Vendor
CVE Published:
13 September 2024

What is CVE-2024-43180?

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Concert 1.0

References

https://www.ibm.com/support/pages/node/7168234
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/351213

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.