Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Ilm Informatique
  • Openconcerto

No data.

No data.

References
Link Providers
https://www.spirityenterprise.com/pentest spirity
https://www.spirityenterprise.com/managed-detection-response spirity
https://www.openconcerto.org/fr/version-1.7.html cve-icon cve-icon
History

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Incorrect Permission Assignment Allows Replacement of Critical Binaries in OpenConcerto
First Time appeared Ilm Informatique
Ilm Informatique openconcerto
Vendors & Products Ilm Informatique
Ilm Informatique openconcerto

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.
Weaknesses CWE-732
References
Metrics cvssV4_0

{'score': 2.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: TCS-CERT

Published:

Updated: 2026-05-04T14:43:54.994Z

Reserved: 2026-04-17T09:33:56.258Z

Link: CVE-2026-6499

cve-icon Vulnrichment

Updated: 2026-05-04T14:43:51.725Z

cve-icon NVD

Status : Received

Published: 2026-05-04T14:16:36.133

Modified: 2026-05-04T14:16:36.133

Link: CVE-2026-6499

cve-icon Redhat

No data.