CVE-2024-52367

EPSS 0.09%
Published 07.01.2025 12:15:24
Last modified 18.07.2025 13:38:31
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Concert Version1.0.0

Ibm ≫ Concert Version1.0.1

Ibm ≫ Concert Version1.0.2

Ibm ≫ Concert Version1.0.2.1

Ibm ≫ Concert Version1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.264

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://www.ibm.com/support/pages/node/7180303

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-52367

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52367

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52367

EUVD