Sensitive Information Disclosure in IBM Concert API
CVE-2024-49354
5.3MEDIUM
Summary
IBM Concert versions 1.0.0, 1.0.1, and 1.0.2 are susceptible to a vulnerability that allows an attacker to exploit specially crafted API calls to disclose sensitive information. This issue requires immediate attention to prevent unauthorized access and ensure data confidentiality.
Affected Version(s)
Concert Software 1.0.0, 1.0.1, 1.0.2
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved