7.5
CVE-2025-1719
- EPSS 0.06%
- Veröffentlicht 20.01.2026 15:16:15
- Zuletzt bearbeitet 26.01.2026 19:41:26
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginMultiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.177 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.