PT-2024-30361 · IBM · IBM Concert

Published 2024-09-12 · Updated 2024-09-20 · CVE-2024-43180

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Concert version 1.0

Description

The issue concerns the exposure of sensitive cookie information because the Secure attribute is missing on authorization tokens or session cookies. An attacker can exploit this by sending a user an http:// link, or by planting such a link in a site the user visits, and then obtain the cookie value by snooping the traffic. This could lead to data compromise.

Recommendations

For IBM Concert version 1.0, upgrade the affected component immediately to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the upgrade is applied.
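To verify the condition described above before and after upgrading, the response headers of a deployment can be audited for cookies that lack the Secure attribute. The following is an added example, not IBM's code and not part of the original advisory; the function names and the sample response are constructed for illustration.

```python
# Added example: find cookies set without the Secure attribute in an HTTP
# response header block (for instance, saved output of `curl -sI`).

def set_cookie_values(raw_headers: str) -> list[str]:
    """Collect every Set-Cookie header value from a raw header block."""
    values = []
    for line in raw_headers.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values

def parse_set_cookie(value: str) -> tuple[str, bool]:
    """Return (cookie name, has Secure attribute) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].split("=", 1)[0].strip()
    # Only the attributes after the first ';' count, and their names are
    # case-insensitive. A substring search for "secure" would be wrong.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return cookie_name, "secure" in attrs

def cookies_missing_secure(raw_headers: str) -> list[str]:
    """Names of cookies a browser would also send over plain http://."""
    parsed = (parse_set_cookie(v) for v in set_cookie_values(raw_headers))
    return [name for name, secure in parsed if not secure]

# Constructed sample response (not captured from IBM Concert).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session_id=abc123; Path=/; HttpOnly\r\n"
    "set-cookie: auth_token=eyJhbGciOi; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: secure_pref=1; Path=/\r\n"   # "secure" in the name only
    "Set-Cookie: csrf=xyz; path=/; SECURE\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_RESPONSE):
        print(f"missing Secure attribute: {cookie}")
```

Any session or authorization cookie this reports is one the browser will attach to a cleartext http:// request to the same host.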

Fix

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2024-43180

Affected Products

IBM Concert