CVE-2024-52366

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52366

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52366

Published

2025-01-07T12:15:24.680Z

Modified

2026-04-02T12:18:42.498133Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

References

https://www.ibm.com/support/pages/node/7180303

Affected packages

Git / github.com/ibm/concert

Affected ranges

Type

GIT

Repo

https://github.com/ibm/concert

Events

Introduced

Last affected

a58b5d823f3d64e1bb3e2171c3cbc684aec96252

Introduced

Last affected

131d8c00b53c7f379eaa9443a2efc436d2632ba4

Introduced

Last affected

0312544220cfe89044cfb7bee2bcdfa055d91d62

Introduced

Last affected

0312544220cfe89044cfb7bee2bcdfa055d91d62

Introduced

Last affected

0e062bc9699c1812aa1cafe1075b6065efc6b678

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52366.json"