CVE-2024-43173

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Concert Version1.0.0

Ibm ≫ Concert Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.221

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
psirt@us.ibm.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1275 Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD