
CVE-2024-43178

Medium

Published: 17 February 2026
Modified: 18 February 2026
KEV Added: not listed
CVSS v3.1 base score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0002 (5.2 percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-43178 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM Concert. Its CVSS v3.1 base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS places it at the 5.2 percentile for exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2024-43178 affects IBM Concert versions 1.0.0 through 2.1.0, which use weaker-than-expected cryptographic algorithms. The weakness is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and could allow an attacker to decrypt highly sensitive information. The public description does not identify which algorithm is weak or which data it protects. The CVSS v3.1 base score of 5.9 (Medium) reflects network accessibility (AV:N) with high attack complexity (AC:H), no privileges (PR:N) or user interaction (UI:N) required, unchanged scope (S:U), high confidentiality impact (C:H), and no integrity or availability impact (I:N/A:N).

An unauthenticated attacker with network access could exploit the weak algorithms to decrypt protected data. The AC:H rating means success depends on conditions outside the attacker's control (in CVSS terms, the attacker must first obtain access to the protected material or invest measurable effort against the target), so the flaw is not a point-and-shoot remote exploit. Successful exploitation would disclose sensitive information that the affected cryptography in IBM Concert was meant to protect; it does not by itself give the attacker write access or affect availability.

IBM has published a security advisory with details on mitigation at https://www.ibm.com/support/pages/node/7260162.
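As an added example (not code from IBM or from this page's source), the following Python module shows the check a practitioner runs when triaging a CWE-327 finding like this one: a policy that flags broken algorithms and modes in a list of algorithm or cipher-suite names, a key-size floor, and a TLS client context restricted to forward-secret AEAD suites that is then audited against the same policy. Because the IBM advisory does not name the weak algorithm, the policy table, the key floors and the sample algorithm names are assumptions constructed for illustration and are not IBM Concert settings.

```python
"""Generic CWE-327 check for an application's cryptographic configuration.

Added example, not IBM's code: the advisory for CVE-2024-43178 does not name
the weak algorithm, so the policy table and the sample inputs below are
assumptions constructed for illustration.
"""
import re
import ssl
from typing import List, Optional, Tuple

# Assumed policy: algorithm / cipher-suite tokens a CWE-327 review rejects.
# OpenSSL suite names that end in a bare "-SHA" use an HMAC-SHA-1 MAC, hence
# the last pattern.
WEAK_ALGORITHM_POLICY = [
    (re.compile(r"\b(RC4|ARCFOUR)\b", re.I), "RC4 keystream biases (prohibited by RFC 7465)"),
    (re.compile(r"\b(3DES|DES)\b", re.I), "DES/3DES: 56-bit key or 64-bit block (Sweet32)"),
    (re.compile(r"\bMD5\b", re.I), "MD5 is collision-broken"),
    (re.compile(r"\bSHA-?1\b", re.I), "SHA-1 is collision-broken"),
    (re.compile(r"\bECB\b", re.I), "ECB mode leaks plaintext structure"),
    (re.compile(r"\b[ae]?NULL\b", re.I), "NULL encryption or anonymous key exchange"),
    (re.compile(r"\bEXP(ORT)?\b", re.I), "export-grade key length"),
    (re.compile(r"(^|-)SHA$", re.I), "HMAC-SHA-1 suite (OpenSSL name ends in -SHA)"),
]

# Assumed minimum key sizes in bits (NIST SP 800-57 style floors).
MIN_KEY_BITS = {"RSA": 2048, "DSA": 2048, "DH": 2048, "EC": 256, "AES": 128}

Finding = Tuple[str, List[str]]


def audit_algorithms(names: List[str]) -> List[Finding]:
    """Return (name, reasons) for every algorithm name that violates the policy."""
    findings: List[Finding] = []
    for name in names:
        reasons = [why for pattern, why in WEAK_ALGORITHM_POLICY if pattern.search(name)]
        if reasons:
            findings.append((name, reasons))
    return findings


def check_key_size(algorithm: str, bits: int) -> Optional[str]:
    """Return a reason string if the key is shorter than the assumed floor, else None."""
    floor = MIN_KEY_BITS.get(algorithm.upper())
    if floor is not None and bits < floor:
        return f"{algorithm.upper()}-{bits}: below the {floor}-bit minimum"
    return None


# Hardened OpenSSL cipher string: forward-secret AEAD suites only.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES:!SHA1"


def hardened_tls_context() -> ssl.SSLContext:
    """Build a client context that cannot negotiate TLS < 1.2 or a weak suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[Finding]:
    """Run the policy over every suite the context is willing to negotiate."""
    return audit_algorithms([suite["name"] for suite in ctx.get_ciphers()])


# Constructed sample: algorithm identifiers as they might appear in an
# application's crypto settings. Not taken from IBM Concert.
SAMPLE_ALGORITHMS = [
    "AES-256-GCM",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "RC4-MD5",
    "DES-EDE3-CBC",
    "AES-128-ECB",
    "ECDHE-RSA-AES256-SHA",
]

if __name__ == "__main__":
    for name, reasons in audit_algorithms(SAMPLE_ALGORITHMS):
        print(f"WEAK  {name}: {'; '.join(reasons)}")
    print("hardened TLS context findings:", audit_tls_context(hardened_tls_context()))
    print(check_key_size("RSA", 1024))
```

Run against the constructed sample, the audit flags the RC4, 3DES, ECB and HMAC-SHA-1 entries and passes the two AEAD suites; the hardened TLS context yields no findings because every suite it can negotiate is an ECDHE AES-GCM or ChaCha20-Poly1305 suite (plus the TLS 1.3 suites OpenSSL always includes). Feeding the same check the actual algorithm names from an IBM Concert deployment's TLS and data-at-rest settings is the local verification step the advisory's generic description does not give you.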

Vulnerability details

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CWE(s)

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

A weak-cryptography flaw in a network-accessible IBM Concert service can be exploited remotely to decrypt sensitive data (T1190); where the protected data includes stored credentials or secrets, the same decryption yields unsecured credentials (T1552).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-36253 (same product: IBM Concert)
CVE-2025-33088 (same product: IBM Concert)
CVE-2024-45643 (Linux kernel)
CVE-2024-41763 (Linux kernel)
CVE-2024-27256 (same vendor: IBM)
CVE-2025-1719 (same product: IBM Concert)
CVE-2025-13219 (Linux kernel)
CVE-2025-13916 (Linux kernel)
CVE-2025-13214 (Linux kernel)
CVE-2025-13723 (Linux kernel)

Affected Assets

IBM Concert 1.0.0 through 2.2.0

Mitigating Controls (NIST 800-53 r5)

SC-13 Cryptographic Protection (prevent)
Directly requires implementation of approved cryptographic algorithms and protections, preventing use of weak algorithms that enable decryption of sensitive data.

SC-8 Transmission Confidentiality and Integrity (prevent)
Mandates cryptographic protection for transmission confidentiality, mitigating network-based decryption attacks against weak algorithms in IBM Concert.

SC-28 Protection of Information at Rest (prevent)
Requires cryptographic protection of information at rest, addressing the risk of sensitive data exposure via weak algorithms regardless of storage location.
