CVE-2024-55910 MEDIUM

CVE-2024-55910: IBM Concert Software server-side request forgery

Vendor Ibm

Product Concert Software

Weakness CWE-918 · SSRF

Published May 2, 2025

Last update August 28, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Key dates

02Disclosure timeline

May 2, 2025 CVE published

August 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-55910

Related vulnerabilities

04Related CVE

CVE-2024-38472 Apache HTTP Server on WIndows UNC SSRF CVE-2025-10861 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints CVE-2022-46830 CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint