Unauthorized Access in IBM Concert Software Could Allow for Enhanced Privileges
CVE-2024-52359

8.8HIGH

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 19 November 2024

Summary

An improper access control vulnerability has been identified in IBM Concert Software versions 1.0.0 through 1.0.2.1. This issue enables authenticated users to execute unauthorized actions typically limited to administrators, undermining the security of the affected systems. The underlying cause of this vulnerability stems from inadequate access control mechanisms, which could potentially lead to data breaches or unauthorized modifications. Users are advised to review their access control policies and apply necessary patches provided by IBM to safeguard their environments.

References

https://www.ibm.com/support/pages/node/7176346

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024