CVE-2024-51451 IBM — Exploit & Vulnerability Details MEDIUM

CVE-2024-51451

MEDIUM CVSS 3.1: 6.5 EPSS 0.05%

Parameter	Value
CVSS	6.5 (MEDIUM)
Affected Versions	1.0.0 — 2.2.0
Fixed In	2.2.0
Type	CWE-644
Vendor	IBM
Public PoC	No

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-644

Vulnerable Products 1

ibm:concert

Known Affected Software Configurations 1

Configuration	From (including)	Up to (excluding)
Ibm Concert cpe:2.3:a:ibm:concert::::::::	`1.0.0`	`2.2.0`

References 1

https://www.ibm.com/support/pages/node/7257006

psirt@us.ibm.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13688

IBM

8.8

CVE-2025-13687

IBM

8.8

CVE-2025-13686

IBM

8.8

CVE-2026-1265

IBM

5.3

CVE-2025-36364

IBM

3.3

Menu

CVE-2024-51451

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

Known Affected Software Configurations 1

References 1

Related Vulnerabilities

CVE-2025-13688

CVE-2025-13687

CVE-2025-13686

CVE-2026-1265

CVE-2025-36364

CVE Details

Editor's Choice

Menu

CVE-2024-51451

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

Known Affected Software Configurations 1

References 1

Related Vulnerabilities

CVE-2025-13688

CVE-2025-13687

CVE-2025-13686

CVE-2026-1265

CVE-2025-36364

CVE Details

Editor's Choice

Stay informed on cybersecurity