Inadequate Account Lockout Setting in IBM Concert Software
CVE-2024-51476

7.5HIGH

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 6 March 2025

What is CVE-2024-51476?

IBM Concert Software version 1.0.5 is vulnerable due to an insufficient account lockout configuration. This inadequacy permits remote attackers to potentially execute brute-force attacks on user credentials, thereby compromising user account security. Organizations using this version should take immediate action to implement stricter account lockout mechanisms to mitigate risks.

Affected Version(s)

Concert Software 1.0.5

References

https://www.ibm.com/support/pages/node/7184961

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Oct 28, 2024