CVE-2024-43178
Published: 17 February 2026
Summary
CVE-2024-43178 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Ibm Concert. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).
Deeper analysis
CVE-2024-43178 affects IBM Concert versions 1.0.0 through 2.1.0, where the software uses weaker than expected cryptographic algorithms. This vulnerability, classified under CWE-327 (Broken or Risky Cryptographic Algorithm), enables an attacker to decrypt highly sensitive information. The issue received a CVSS v3.1 base score of 5.9 (Medium severity), reflecting network accessibility with high attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact.
An unauthenticated attacker with network access can exploit this vulnerability by leveraging the weak cryptographic algorithms to decrypt sensitive data, though the attack requires high complexity to execute successfully. Successful exploitation would result in unauthorized access to highly sensitive information protected by the affected cryptography in IBM Concert.
IBM has published a security advisory with details on mitigation at https://www.ibm.com/support/pages/node/7260162.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-55436
Vulnerability details
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Weak crypto flaw in network-accessible IBM Concert service directly enables remote exploitation for sensitive data decryption (T1190) and facilitates access to unsecured credentials or secrets (T1552).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires implementation of approved cryptographic algorithms and protections, preventing use of weak algorithms that enable decryption of sensitive data.
Mandates cryptographic protection for transmission confidentiality, mitigating network-based decryption attacks against weak algorithms in IBM Concert.
Requires cryptographic protection of information at rest, addressing the risk of sensitive data exposure via weak algorithms regardless of storage location.