IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
PUBLISHED5.2ApplicationCWE-613
Multiple Vulnerabilities in IBM Concert Software
Problem type
Affected products
IBM
Concert
<= 2.1.0 - AFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2024-43181Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2024-43181",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-02-04T21:18:38.919Z",
"dateReserved": "2024-08-07T13:29:34.028Z",
"datePublished": "2026-02-04T21:18:38.919Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-02-04T21:18:38.919Z"
},
"title": "Multiple Vulnerabilities in IBM Concert Software",
"descriptions": [
{
"lang": "en",
"value": "IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "Concert",
"cpes": [
"cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:2.1.0:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.1.0"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-613 Insufficient Session Expiration",
"cweId": "CWE-613",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7257006",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x and Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x service.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=upgrading\">Upgrading Cloud Pak for Data</a><span style=\"background-color: rgb(255, 255, 255);\"> and </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=sql-upgrading\">Upgrading the Db2 Big SQL</a><span style=\"background-color: rgb(255, 255, 255);\"> service.</span><br>"
}
]
}
]
}
}
}