Ibm

Concert

66 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-55909

  • EPSS 0.21%
  • Veröffentlicht 02.05.2025 00:35:26
  • Zuletzt bearbeitet 16.07.2025 16:57:14

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

7.5

CVE-2024-51476

  • EPSS 0.09%
  • Veröffentlicht 06.03.2025 17:15:19
  • Zuletzt bearbeitet 16.07.2025 14:08:22

IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

5.9

CVE-2024-41757

  • EPSS 0.08%
  • Veröffentlicht 24.01.2025 16:15:36
  • Zuletzt bearbeitet 29.09.2025 16:15:35

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information ...

7.5

CVE-2024-49354

  • EPSS 0.11%
  • Veröffentlicht 18.01.2025 16:15:39
  • Zuletzt bearbeitet 08.08.2025 02:10:41

IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.

5.3

CVE-2024-52893

  • EPSS 0.07%
  • Veröffentlicht 07.01.2025 12:15:25
  • Zuletzt bearbeitet 18.07.2025 13:39:51

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against...

5.4

CVE-2024-52891

  • EPSS 0.09%
  • Veröffentlicht 07.01.2025 12:15:25
  • Zuletzt bearbeitet 18.07.2025 13:39:22

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.

7.5

CVE-2024-52367

  • EPSS 0.11%
  • Veröffentlicht 07.01.2025 12:15:24
  • Zuletzt bearbeitet 18.07.2025 13:38:31

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

5.9

CVE-2024-52366

  • EPSS 0.05%
  • Veröffentlicht 07.01.2025 12:15:24
  • Zuletzt bearbeitet 18.07.2025 13:37:53

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtai...

9.8

CVE-2024-52360

  • EPSS 0.13%
  • Veröffentlicht 19.11.2024 20:15:32
  • Zuletzt bearbeitet 18.07.2025 13:37:40

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

8.8

CVE-2024-52359

  • EPSS 0.1%
  • Veröffentlicht 19.11.2024 20:15:31
  • Zuletzt bearbeitet 18.07.2025 13:37:13

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.