Unauthorized Access in IBM Concert Software Could Allow for Enhanced Privileges
CVE-2024-52359

8.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
19 November 2024

Summary

An improper access control vulnerability has been identified in IBM Concert Software versions 1.0.0 through 1.0.2.1. This issue enables authenticated users to execute unauthorized actions typically limited to administrators, undermining the security of the affected systems. The underlying cause of this vulnerability stems from inadequate access control mechanisms, which could potentially lead to data breaches or unauthorized modifications. Users are advised to review their access control policies and apply necessary patches provided by IBM to safeguard their environments.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.