CVE-2024-52367

MEDIUM

IBM Concert Software <1.0.4 - Info Disclosure

Title source: llm

Description

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7180303

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (5)

ibm/concert 1.0.0

ibm/concert 1.0.1

ibm/concert 1.0.2

ibm/concert 1.0.2.1

ibm/concert 1.0.3

Published Jan 07, 2025

Tracked Since Feb 18, 2026