CVE-2024-43173
IBM Concert information disclosure
In short
IBM Concert versions 1.0.0 and 1.0.1 set cookies without the SameSite attribute, so a user's browser attaches them to requests that other sites initiate. An attacker who lures an authenticated user to a page they control can make that user's browser send authenticated cross-site requests to Concert. The advisory rates the impact as limited information disclosure.
Technical detail
The application sets its cookies without a SameSite attribute. That attribute tells the browser whether a cookie may accompany a request that originates from another site; when it is absent, and the browser imposes no default, the session cookie travels with any cross-site request, including one an attacker's page triggers with an auto-submitted form or a fetch call against Concert. The attacker does not read the cookie (the same-origin policy still prevents that); the victim's browser simply makes authenticated requests on the attacker's behalf, which is how the cross-site information disclosure arises. The CVSS vector records a low confidentiality impact, no integrity or availability impact, and high attack complexity. Chromium-based browsers treat a cookie with no SameSite attribute as SameSite=Lax, which blocks most cross-site subrequests, but that default is not shared by every browser and should not be relied on; the fix is to set SameSite=Lax or SameSite=Strict explicitly, alongside Secure and HttpOnly.
Summary generated and translated by AI from the official description.
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (base score 3.7, Low)
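To make the mechanism concrete, the following added example (not IBM Concert code, and not from the advisory) audits Set-Cookie header values for a missing SameSite attribute and models, in simplified form, the RFC 6265bis rule a browser applies when deciding whether to attach a cookie to a cross-site request. The cookie name and header values are constructed; the `lax_by_default` flag mimics Chromium's handling of a cookie that has no SameSite attribute.

```python
"""Audit Set-Cookie headers for a missing SameSite attribute and model
whether a browser would attach each cookie to a cross-site request.

Added example, not IBM Concert code. Cookie names and header values
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CookieAudit:
    name: str
    samesite: Optional[str]  # "Strict", "Lax", "None", or None when absent
    secure: bool
    httponly: bool
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie header value and record hardening gaps."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    samesite: Optional[str] = None
    secure = httponly = False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            samesite = value.strip().capitalize()  # normalise "lax" -> "Lax"
        elif key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
    audit = CookieAudit(name, samesite, secure, httponly)
    if samesite is None:
        audit.findings.append(
            "SameSite missing: browsers without a Lax default attach this "
            "cookie to every cross-site request")
    elif samesite == "None" and not secure:
        audit.findings.append("SameSite=None requires Secure; browsers reject it")
    if not secure:
        audit.findings.append("Secure missing: cookie can be sent over plain HTTP")
    if not httponly:
        audit.findings.append("HttpOnly missing: cookie readable by script")
    return audit


def browser_sends_cookie(samesite: Optional[str], *, cross_site: bool,
                         top_level_navigation: bool, method: str,
                         secure: bool, lax_by_default: bool = False) -> bool:
    """Simplified model of the SameSite rules from RFC 6265bis.

    lax_by_default=True mimics Chromium treating a cookie with no SameSite
    attribute as SameSite=Lax; other browsers do not guarantee this, so the
    vulnerable case is modelled with the default False.
    """
    if not cross_site:
        return True  # same-site requests always carry the cookie
    if samesite is None and lax_by_default:
        samesite = "Lax"
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        # Lax cookies accompany only top-level navigations with safe methods
        return top_level_navigation and method.upper() in {"GET", "HEAD"}
    if samesite == "None" and not secure:
        return False  # rejected at set time, so never stored or sent
    return True  # SameSite=None with Secure, or attribute absent


# Constructed headers: a cookie as the advisory describes it, and a hardened one.
VULNERABLE_HEADER = "session=0123abcd; Path=/; HttpOnly"
HARDENED_HEADER = "session=0123abcd; Path=/; HttpOnly; Secure; SameSite=Lax"


def cross_site_post_carries_cookie(header: str) -> bool:
    """Would a POST issued from an attacker's page (e.g. a form auto-submitted
    into a hidden iframe, which is not a top-level navigation) carry this cookie?"""
    audit = parse_set_cookie(header)
    return browser_sends_cookie(audit.samesite, cross_site=True,
                                top_level_navigation=False, method="POST",
                                secure=audit.secure)


if __name__ == "__main__":
    for header in (VULNERABLE_HEADER, HARDENED_HEADER):
        audit = parse_set_cookie(header)
        print(header)
        print("  sent on cross-site POST:", cross_site_post_carries_cookie(header))
        for finding in audit.findings:
            print("  -", finding)
```

Run against a real deployment, `parse_set_cookie` would be applied to every Set-Cookie header the login response returns; any cookie that yields a SameSite finding is the condition this CVE describes. The model deliberately treats the absent attribute as "sent everywhere" unless `lax_by_default` is set, because a fix that depends on one browser family's default leaves users of other browsers exposed.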
Affected products
IBM · Concert