Description
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.

This issue affects OpenConcerto: 1.7.5.
Published: 2026-05-04
Score: 2.4 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ILM Informatique OpenConcerto contains a flaw in which critical resources are assigned incorrect permissions, allowing an attacker to replace binaries within the application. This weakness can lead to the execution of malicious code or further compromise of system integrity, as essential executable files can be overwritten without proper authorization. The vulnerability is classified as a permissions issue (CWE-732).

Affected Systems

Vendors and products affected are ILM Informatique OpenConcerto, specifically version 1.7.5. No other products or versions are listed as impacted.

Risk and Exploitability

The CVSS score of 2.4 indicates low overall severity; exploitation would likely require local access or a user with sufficient privileges to write to protected directories. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation has been reported. Because the description does not state an explicit attack vector, the inference is that a privileged user or a process with elevated rights could trigger the binary replacement. Given the low severity and the lack of exploitation data, the risk is considered moderate but still actionable.

Generated by OpenCVE AI on May 4, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest released version of OpenConcerto that corrects the file permission assignment.
  • Apply the minimum required file permissions to all critical binary directories, ensuring that only trusted administrative accounts can write to them.
  • Implement file integrity monitoring to detect unexpected modifications to executable files and trigger alerts.
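
The last two recommendations can be checked with a short script. The following is an added example, not code from OpenCVE or the OpenConcerto project: it lists files and directories that group or other users can write to, and compares SHA-256 digests against a stored baseline. The install path is a placeholder (the page does not give one), and POSIX mode bits are assumed; Windows ACLs need a separate check.

```python
import hashlib
import os
import stat

# Placeholder path (assumption): the advisory does not state where OpenConcerto is installed.
INSTALL_DIR = "/opt/openconcerto"

def loosely_writable(root):
    """Return files and directories under root (root included) writable by group or others."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits do not control writes
            # A writable directory is as bad as a writable file: its entries can be swapped.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(path)
    return sorted(findings)

def snapshot(root):
    """Map relative path -> SHA-256 digest for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Report files changed, added or removed since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

if __name__ == "__main__":
    if os.path.isdir(INSTALL_DIR):
        for p in loosely_writable(INSTALL_DIR):
            print("group/other-writable:", p)
```

Store the baseline from `snapshot()` somewhere the application's users cannot write, otherwise a replaced binary can be hidden by replacing the baseline too.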

Advisories

No advisories yet.

History

Mon, 04 May 2026 16:15:00 +0000

Type: Title
Values Added: Incorrect Permission Assignment Allows Replacement of Critical Binaries in OpenConcerto

Type: First Time appeared
Values Added: Ilm Informatique; Ilm Informatique openconcerto

Type: Vendors & Products
Values Added: Ilm Informatique; Ilm Informatique openconcerto

Mon, 04 May 2026 15:30:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 14:15:00 +0000

Type: Description
Values Added: Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

Type: Weaknesses
Values Added: CWE-732

Type: References

Type: Metrics
Values Added: cvssV4_0

{'score': 2.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TCS-CERT

Published:

Updated: 2026-05-04T14:43:54.994Z

Reserved: 2026-04-17T09:33:56.258Z

Link: CVE-2026-6499

Vulnrichment

Updated: 2026-05-04T14:43:51.725Z

NVD

Status: Received

Published: 2026-05-04T14:16:36.133

Modified: 2026-05-04T14:16:36.133

Link: CVE-2026-6499

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T16:05:57Z
