Ibm

Concert

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-36253

  • EPSS 0.01%
  • Veröffentlicht 02.02.2026 23:15:59
  • Zuletzt bearbeitet 11.02.2026 20:33:57

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5

CVE-2025-1722

  • EPSS 0.05%
  • Veröffentlicht 20.01.2026 15:16:16
  • Zuletzt bearbeitet 26.01.2026 19:40:46

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

7.5

CVE-2025-1719

  • EPSS 0.05%
  • Veröffentlicht 20.01.2026 15:16:15
  • Zuletzt bearbeitet 26.01.2026 19:41:26

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

8.8

CVE-2025-33015

  • EPSS 0.05%
  • Veröffentlicht 20.01.2026 15:04:21
  • Zuletzt bearbeitet 26.01.2026 19:40:06

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

7.4

CVE-2025-64645

  • EPSS 0.01%
  • Veröffentlicht 26.12.2025 14:24:57
  • Zuletzt bearbeitet 29.12.2025 17:38:35

IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.

7.5

CVE-2025-1721

  • EPSS 0.06%
  • Veröffentlicht 26.12.2025 13:15:46
  • Zuletzt bearbeitet 29.12.2025 18:15:52

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

7.8

CVE-2025-12771

  • EPSS 0.01%
  • Veröffentlicht 26.12.2025 13:15:45
  • Zuletzt bearbeitet 29.12.2025 18:23:39

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

6.2

CVE-2025-36154

  • EPSS 0.01%
  • Veröffentlicht 24.12.2025 19:15:44
  • Zuletzt bearbeitet 30.12.2025 20:35:00

IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.

7.5

CVE-2025-36150

  • EPSS 0.02%
  • Veröffentlicht 24.11.2025 20:29:19
  • Zuletzt bearbeitet 01.12.2025 15:51:16

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.4

CVE-2025-36149

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 19:38:47
  • Zuletzt bearbeitet 02.12.2025 16:22:26

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.