CVE-2024-55912 - Vulnerability Details - OpenCVE

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Concert

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7232169

History

Fri, 02 May 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 02 May 2025 01:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Title		IBM Concert Software information disclosure
First Time appeared		Ibm Ibm concert
Weaknesses		CWE-327
CPEs		cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:1.0.5:::::::*
Vendors & Products		Ibm Ibm concert
References		https://www.ibm.com/support/pages/node/7232169
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-05-02T00:36:49.658Z

Updated: 2025-05-02T12:23:53.452Z

Reserved: 2024-12-12T18:07:25.451Z

Link: CVE-2024-55912

Vulnrichment

Updated: 2025-05-02T12:23:49.754Z

NVD

Status : Awaiting Analysis

Published: 2025-05-02T01:15:54.000

Modified: 2025-05-02T13:52:51.693

Link: CVE-2024-55912

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-55912", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-12-12T18:07:25.451Z", "datePublished": "2025-05-02T00:36:49.658Z", "dateUpdated": "2025-05-02T12:23:53.452Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.5:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Concert Software", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."}], "value": "IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-02T00:36:49.658Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7232169"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 1.1.0."}], "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 1.1.0."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Concert Software information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T12:23:46.391397Z", "id": "CVE-2024-55912", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T12:23:53.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-55912", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T12:23:46.391397Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T12:23:49.754Z"}}], "cna": {"title": "IBM Concert Software information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:1.0.5:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Concert Software", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 1.1.0.", "supportingMedia": [{"type": "text/html", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 1.1.0.", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7232169", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", "supportingMedia": [{"type": "text/html", "value": "IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-02T00:36:49.658Z"}}}, "cveMetadata": {"cveId": "CVE-2024-55912", "state": "PUBLISHED", "dateUpdated": "2025-05-02T12:23:53.452Z", "dateReserved": "2024-12-12T18:07:25.451Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-05-02T00:36:49.658Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}