- Description: IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
- Source: psirt@us.ibm.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 5.9
- Impact score: 3.6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- psirt@us.ibm.com: CWE-311
- Hype score: Not currently trending
CVE-2024-41757 Sensitive Data Leak in IBM Concert via HSTS Misconfiguration https://t.co/47tYea4RA2 Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
24 Jan 2025
CVE-2024-41757 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Sec… https://t.co/hu4wL2XCS4
@CVEnew
24 Jan 2025