Cyber Posture

CVE-2024-52367

Medium

Published: 07 January 2025

Modified: 18 July 2025
KEV Added
Patch
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0010 (28.2th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

Security Summary

CVE-2024-52367 affects IBM Concert Software versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, where the software could disclose sensitive system information to an unauthorized actor. This vulnerability, mapped to CWE-497 (with NVD-CWE-noinfo), carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), reflecting medium severity primarily due to low-impact confidentiality loss.

A remote attacker without privileges or user interaction can exploit this over the network with low attack complexity. Exploitation results in access to sensitive system information, which could facilitate further attacks against the system.

The IBM security advisory provides details on remediation; see https://www.ibm.com/support/pages/node/7180303.

Details

CWE(s)
CWE-497, NVD-CWE-noinfo

Affected Products

Vendor: ibm
Product: concert
Versions: 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.3
