CVE-2024-43189

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43189

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43189.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43189

Published

2024-11-15T15:15:07.307Z

Modified

2026-04-02T12:18:03.026989Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

References

https://www.ibm.com/support/pages/node/7173596

Affected packages

Git / github.com/ibm/concert

Affected ranges

Type

GIT

Repo

https://github.com/ibm/concert

Events

Introduced

Last affected

a58b5d823f3d64e1bb3e2171c3cbc684aec96252

Introduced

Last affected

131d8c00b53c7f379eaa9443a2efc436d2632ba4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43189.json"