Analysis Summary

CVE-2024-55912 CVSS:5.9

IBM Concert Software uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2024-55913 CVSS:5.3

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVE-2024-55909 CVSS:6.5

IBM Concert Software could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVE-2024-55910 CVSS:6.5

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Impact

• Information Disclosure
• Denial of Service
• Gain Access

Indicators of Compromise

CVE

• CVE-2024-55912

• CVE-2024-55913

• CVE-2024-55909

• CVE-2024-55910

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory