← Back

CVE-2024-43177

nvd nist
Published: Oct 22, 2024Modified: Oct 25, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Affected (2)

Products: Ibm: Concert
Ibm
1 product
Concert
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Concert
Version 1.0.0
Concert
Version 1.0.1

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.