Information Injection Vulnerability in IBM Concert Software
CVE-2024-52891
5.4MEDIUM
Summary
IBM Concert Software versions 1.0.0 through 1.0.3 have a security vulnerability that permits authenticated users to inject malicious payloads or gain unauthorized access to sensitive information through log files due to inadequate log neutralization. This flaw can compromise the integrity of log data and expose sensitive operations within the software, emphasizing the need for prompt remediation.
Affected Version(s)
Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database