Unauthorized Access in IBM Concert Software Could Allow for Enhanced Privileges
CVE-2024-52359
8.8HIGH
Summary
An improper access control vulnerability has been identified in IBM Concert Software versions 1.0.0 through 1.0.2.1. This issue enables authenticated users to execute unauthorized actions typically limited to administrators, undermining the security of the affected systems. The underlying cause of this vulnerability stems from inadequate access control mechanisms, which could potentially lead to data breaches or unauthorized modifications. Users are advised to review their access control policies and apply necessary patches provided by IBM to safeguard their environments.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published