CVE-2024-49354

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 1.0.2

Description The issue is related to sensitive information disclosure through specially crafted API calls. It is associated with insufficient protection of service data due to the use of incompatible policies. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions 1.0.0 through 1.0.2, consider disabling or restricting access to the API calls that expose sensitive information until a patch is available. Restrict access to sensitive data and ensure that all policies are compatible and up-to-date to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.