CVE-2024-51451

MEDIUM

IBM Concert 1.0.0-2.1.0 - HTTP Header Injection via HOST Header

Title source: llm

Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://www.ibm.com/support/pages/node/7257006

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-644

Status published

Products (1)

ibm/concert 1.0.0 - 2.2.0

Published Feb 04, 2026

Tracked Since Feb 18, 2026