8.8

CVE-2025-33015

Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmConcert Version >= 1.0.0 < 2.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.