Ibm

Concert Software

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-36149

  • EPSS 0.03%
  • Veröffentlicht 21.11.2025 19:38:47
  • Zuletzt bearbeitet 02.12.2025 16:22:26

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.

5.5

CVE-2025-36083

  • EPSS 0.01%
  • Veröffentlicht 28.10.2025 14:55:35
  • Zuletzt bearbeitet 31.10.2025 18:59:03

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.

5.3

CVE-2025-36081

  • EPSS 0.04%
  • Veröffentlicht 28.10.2025 14:53:10
  • Zuletzt bearbeitet 31.10.2025 19:01:21

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input.

7.5

CVE-2025-1761

  • EPSS 0.06%
  • Veröffentlicht 08.09.2025 22:13:50
  • Zuletzt bearbeitet 17.09.2025 16:41:04

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

6.1

CVE-2025-0656

  • EPSS 0.1%
  • Veröffentlicht 01.09.2025 14:23:54
  • Zuletzt bearbeitet 03.09.2025 16:05:47

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...

5.4

CVE-2025-33082

  • EPSS 0.04%
  • Veröffentlicht 01.09.2025 14:22:55
  • Zuletzt bearbeitet 03.09.2025 16:05:38

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.4

CVE-2025-33083

  • EPSS 0.04%
  • Veröffentlicht 01.09.2025 14:22:14
  • Zuletzt bearbeitet 03.09.2025 16:05:02

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.9

CVE-2025-33084

  • EPSS 0.02%
  • Veröffentlicht 01.09.2025 14:20:52
  • Zuletzt bearbeitet 03.09.2025 16:04:50

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informat...

5.9

CVE-2025-33099

  • EPSS 0.03%
  • Veröffentlicht 01.09.2025 14:19:45
  • Zuletzt bearbeitet 03.09.2025 16:04:38

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.

7.5

CVE-2025-33102

  • EPSS 0.02%
  • Veröffentlicht 01.09.2025 14:18:37
  • Zuletzt bearbeitet 03.09.2025 16:04:24

IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.