CVE Vulnerabilities

CVE-2024-43177

Improper Certificate Validation

Published: Oct 22, 2024 | Modified: Oct 25, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name    | Vendor | Start Version     | End Version
Concert | IBM    | 1.0.0 (including) | 1.0.0 (including)
Concert | IBM    | 1.0.1 (including) | 1.0.1 (including)
