Multiple IBM Concert Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-55912 CVSS:5.9

IBM Concert Software uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2024-55913 CVSS:5.3

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVE-2024-55909 CVSS:6.5

IBM Concert Software could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVE-2024-55910 CVSS:6.5

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Impact

  • Information Disclosure
  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-55912
  • CVE-2024-55913
  • CVE-2024-55909
  • CVE-2024-55910

Affected Vendors

  • IBM

Affected Products

  • IBM Concert Software - 1.0.0

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory