Vulnerabilities > IBM > Concert Software > 1.0.3

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-52366 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-327
5.9
5.9
2025-01-07 CVE-2024-52367 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
network
low complexity
ibm CWE-497
7.5
7.5
2025-01-07 CVE-2024-52891 Improper Output Neutralization for Logs vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.
network
low complexity
ibm CWE-117
5.4
5.4
2025-01-07 CVE-2024-52893 Information Exposure Through an Error Message vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3