{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-43181","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-08-07T13:29:34.028Z","datePublished":"2026-02-04T21:18:38.919Z","dateUpdated":"2026-02-05T14:31:47.992Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:concert:2.1.0:*:*:*:*:*:*:*"],"product":"Concert","vendor":"IBM","versions":[{"lessThanOrEqual":"2.1.0","status":"affected","version":"1.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.</p>"}],"value":"IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-613","description":"CWE-613 Insufficient Session Expiration","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-04T21:18:38.919Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7257006"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=upgrading\">Upgrading Cloud Pak for Data</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=sql-upgrading\">Upgrading the Db2 Big SQL</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;service.</span><br>"}],"value":"The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for  Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x  and  Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x  service."}],"title":"Multiple Vulnerabilities in IBM Concert Software","x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-05T14:20:06.397737Z","id":"CVE-2024-43181","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-05T14:31:47.992Z"}}]}}