IBM Concert Software
30 CVEs affecting IBM Concert Software. Latest disclosed: 2025-10-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-52360 | High | 7.6 | 2024-11-19 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul… |
| CVE-2025-33090 | High | 7.5 | 2025-08-18 | IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cau… |
| CVE-2024-51476 | High | 7.5 | 2025-03-06 | IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |
| CVE-2024-55910 | Medium | 6.5 | 2025-05-02 | IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized req… |
| CVE-2024-55909 | Medium | 6.5 | 2025-05-02 | IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlli… |
| CVE-2025-36083 | Medium | 6.2 | 2025-10-28 | IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before… |
| CVE-2025-33100 | Medium | 6.2 | 2025-08-18 | IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authenti… |
| CVE-2025-0656 | Medium | 6.1 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript… |
| CVE-2024-41785 | Medium | 6.1 | 2024-11-15 | IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaSc… |
| CVE-2025-1761 | Medium | 5.9 | 2025-09-08 | IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap m… |
| CVE-2025-33084 | Medium | 5.9 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Tr… |
| CVE-2025-33099 | Medium | 5.9 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certi… |
| CVE-2025-33102 | Medium | 5.9 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informatio… |
| CVE-2025-1759 | Medium | 5.9 | 2025-08-18 | IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap m… |
| CVE-2024-55912 | Medium | 5.9 | 2025-05-02 | IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informatio… |
| CVE-2024-41757 | Medium | 5.9 | 2025-01-24 | IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transp… |
| CVE-2024-52366 | Medium | 5.9 | 2025-01-07 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly e… |
| CVE-2024-43189 | Medium | 5.9 | 2024-11-15 | IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Tr… |
| CVE-2025-33082 | Medium | 5.4 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript c… |
| CVE-2025-33083 | Medium | 5.4 | 2025-09-01 | IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript c… |