PT-2025-1195 · IBM · IBM Concert

Published: 2025-01-06 · Updated: 2025-01-07 · CVE-2024-52891

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.3
Description: The issue is related to improper log neutralization, which could allow an authenticated user to inject malicious information or obtain information from log files. This is due to the incorrect handling of log registration outputs. Exploitation of the issue may enable a remote attacker to execute arbitrary commands.
Recommendations: For versions 1.0.0 through 1.0.3, consider disabling log registration functionality until a patch is available to prevent malicious information injection or unauthorized access to log files. Restrict access to log files to minimize the risk of exploitation. As a temporary workaround, limit the ability of authenticated users to interact with log files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers

BDU:2025-00552
CVE-2024-52891

Affected Products

IBM Concert