IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
History

Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
Description IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
Title IBM Concert improper certificate validation
First Time appeared Ibm
Ibm concert
Weaknesses CWE-295
CPEs cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm concert
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-10-22T14:52:43.289Z

Updated: 2024-10-22T15:17:45.001Z

Reserved: 2024-08-07T13:29:17.952Z

Link: CVE-2024-43177

cve-icon Vulnrichment

Updated: 2024-10-22T15:17:40.353Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-22T15:15:07.020

Modified: 2024-10-25T16:05:15.777

Link: CVE-2024-43177

cve-icon Redhat

No data.