{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52893", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-11-17T14:25:44.934Z", "datePublished": "2025-01-07T12:00:41.835Z", "dateUpdated": "2025-01-07T14:44:00.514Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.3:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Concert Software", "vendor": "IBM", "versions": [{"status": "affected", "version": "1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.</span>\n\n</span>\n\n</span>"}], "value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3\u00a0\n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-07T12:00:41.835Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/7180303"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Concert Software information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-07T14:43:44.143079Z", "id": "CVE-2024-52893", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T14:44:00.514Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-07T14:43:44.143079Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T14:43:54.953Z"}}], "cna": {"title": "IBM Concert Software information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.3:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Concert Software", "versions": [{"status": "affected", "version": "1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7180303"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3\u00a0\n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.</span>\n\n</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-07T12:00:41.835Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52893", "state": "PUBLISHED", "dateUpdated": "2025-01-07T14:44:00.514Z", "dateReserved": "2024-11-17T14:25:44.934Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-07T12:00:41.835Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3\u00a0\n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."}, {"lang": "es", "value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema."}], "id": "CVE-2024-52893", "lastModified": "2025-01-07T12:15:25.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-01-07T12:15:25.153", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7180303"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}