Vulnerabilities > IBM > Concert Software > 1.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2024-41757 | Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-01-07 | CVE-2024-52366 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 7.5 |
| 2025-01-07 | CVE-2024-52891 | Improper Output Neutralization for Logs vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. | 5.4 |
| 2025-01-07 | CVE-2024-52893 | Information Exposure Through an Error Message vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2024-11-19 | CVE-2024-52359 | Incorrect User Management vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | 8.8 |
| 2024-11-19 | CVE-2024-52360 | Unspecified vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. | 9.8 |
| 2024-11-15 | CVE-2024-41785 | Cross-site Scripting vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-15 | CVE-2024-43189 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |