CVE-2024-41757

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-41757

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41757.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41757

Published

2025-01-24T16:15:36.297Z

Modified

2026-04-02T12:17:32.447089Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

References

https://www.ibm.com/support/pages/node/7173596

Affected packages

Git / github.com/ibm/concert

Affected ranges

Type

GIT

Repo

https://github.com/ibm/concert

Events

Introduced

Last affected

a58b5d823f3d64e1bb3e2171c3cbc684aec96252

Introduced

Last affected

131d8c00b53c7f379eaa9443a2efc436d2632ba4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41757.json"