Denial of Service Vulnerability in IBM Concert Software by IBM
CVE-2024-55909

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 2 May 2025

Summary

IBM Concert Software versions 1.0.0 to 1.0.5 are susceptible to a denial of service vulnerability allowing authenticated users to disrupt service. This occurs when archive file expansion isn't properly controlled, potentially leading to resource exhaustion. Organizations using affected versions should assess their systems and apply the necessary mitigations as recommended by IBM.

Affected Version(s)

Concert Software 1.0.0 <= 1.0.5

References

https://www.ibm.com/support/pages/node/7232169

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2025
Vulnerability Reserved
Dec 12, 2024