Ibm

Concert Software

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-1761

  • EPSS 0.05%
  • Published 08.09.2025 22:13:50
  • Last modified 17.09.2025 16:41:04

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

6.1

CVE-2025-0656

  • EPSS 0.08%
  • Published 01.09.2025 14:23:54
  • Last modified 03.09.2025 16:05:47

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...

5.4

CVE-2025-33082

  • EPSS 0.03%
  • Published 01.09.2025 14:22:55
  • Last modified 03.09.2025 16:05:38

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.4

CVE-2025-33083

  • EPSS 0.03%
  • Published 01.09.2025 14:22:14
  • Last modified 03.09.2025 16:05:02

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.9

CVE-2025-33084

  • EPSS 0.02%
  • Published 01.09.2025 14:20:52
  • Last modified 03.09.2025 16:04:50

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informat...

5.9

CVE-2025-33099

  • EPSS 0.03%
  • Published 01.09.2025 14:19:45
  • Last modified 03.09.2025 16:04:38

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.

7.5

CVE-2025-33102

  • EPSS 0.02%
  • Published 01.09.2025 14:18:37
  • Last modified 03.09.2025 16:04:24

IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5

CVE-2025-33100

  • EPSS 0.02%
  • Published 18.08.2025 14:02:24
  • Last modified 21.08.2025 19:15:33

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5

CVE-2025-33090

  • EPSS 0.14%
  • Published 18.08.2025 14:01:32
  • Last modified 21.08.2025 19:25:23

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.

9.8

CVE-2025-27909

  • EPSS 0.03%
  • Published 18.08.2025 14:00:31
  • Last modified 21.08.2025 20:56:49

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.