IBM Concert
35 CVEs affecting IBM Concert. Latest disclosed: 2026-04-07. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-33015 | High | 8.8 | 2026-01-20 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. |
| CVE-2025-12771 | High | 7.8 | 2025-12-26 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and… |
| CVE-2025-64645 | High | 7.7 | 2025-12-26 | IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. |
| CVE-2025-33088 | High | 7.4 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect… |
| CVE-2025-33089 | Medium | 6.5 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user… |
| CVE-2025-36018 | Medium | 6.5 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthor… |
| CVE-2024-51451 | Medium | 6.5 | 2026-02-04 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attack… |
| CVE-2024-43181 | Medium | 6.3 | 2026-02-04 | IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| CVE-2025-13044 | Medium | 6.2 | 2026-04-07 | IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2025-64646 | Medium | 6.2 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. |
| CVE-2025-12708 | Medium | 6.2 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. |
| CVE-2025-36154 | Medium | 6.2 | 2025-12-24 | IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. |
| CVE-2025-36159 | Medium | 6.2 | 2025-11-20 | IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of… |
| CVE-2025-36019 | Medium | 6.1 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbit… |
| CVE-2025-36153 | Medium | 6.1 | 2025-11-20 | IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code… |
| CVE-2025-64648 | Medium | 5.9 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. |
| CVE-2025-64647 | Medium | 5.9 | 2026-03-25 | IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2025-33101 | Medium | 5.9 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap mem… |
| CVE-2024-43178 | Medium | 5.9 | 2026-02-17 | IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2025-36253 | Medium | 5.9 | 2026-02-02 | IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |