CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41757 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-41757
24 Jan 2025 — IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49354 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-49354
18 Jan 2025 — IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. • https://www.ibm.com/support/pages/node/7174120 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52893 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-52893
07 Jan 2025 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podría permitir que un atacante remoto obtenga información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en futuros a... • https://www.ibm.com/support/pages/node/7180303 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52366 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-52366
07 Jan 2025 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podría permitir que un atacante remoto obtenga información confidencial, debido a que no se ha habilitado correctamente la seguridad de transpor... • https://www.ibm.com/support/pages/node/7180303 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52891 – IBM Concert Software log manipulation
https://notcve.org/view.php?id=CVE-2024-52891
07 Jan 2025 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podría permitir que un usuario autenticado inyecte información maliciosa u obtenga información de archivos de registro debido a una neutralización incorrecta de los registros. • https://www.ibm.com/support/pages/node/7180303 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52367 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-52367
07 Jan 2025 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podría revelar información confidencial del sistema a un actor no autorizado que podría utilizarse en futuros ataques contra el sistema. • https://www.ibm.com/support/pages/node/7180303 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52359 – IBM Concert Software improper access controls
https://notcve.org/view.php?id=CVE-2024-52359
19 Nov 2024 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. • https://www.ibm.com/support/pages/node/7176346 • CWE-286: Incorrect User Management •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52360 – IBM Concert Software SQL injection
https://notcve.org/view.php?id=CVE-2024-52360
19 Nov 2024 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7176346 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37070 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-37070
19 Nov 2024 — IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7176346 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43189 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-43189
15 Nov 2024 — IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •