CVE-2024-52366

Name of the Vulnerable Software and Affected Versions IBM Concert Software versions 1.0.0 through 1.0.3

Description The issue is related to the failure to properly enable HTTP Strict Transport Security, which could allow a remote attacker to obtain sensitive information using man-in-the-middle techniques. This could enable an attacker to exploit the vulnerability and gain unauthorized access to protected information.

Recommendations For versions 1.0.0 through 1.0.3, enable HTTP Strict Transport Security to prevent man-in-the-middle attacks and protect sensitive information. As a temporary workaround, consider restricting access to sensitive data until the issue is resolved.