📦 Concert
by IBM
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows local users with knowledge of IBM Concert's system architecture to escalate privileges by exploiting incorrect file permissions on critical resources. It affects IBM Concert ...
IBM Concert versions 1.0.0 through 2.1.0 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files to the web interface. This could lead to remote code executio...
A local privilege escalation vulnerability exists in IBM Concert due to a race condition involving symbolic link handling. This allows authenticated local users to gain elevated privileges on affected...
CVE-2025-12771 is a stack-based buffer overflow vulnerability in IBM Concert versions 1.0.0 through 2.1.0. A local authenticated user could exploit this to execute arbitrary code with the privileges o...
CVE-2025-33090 is a denial-of-service vulnerability in IBM Concert Software where a remote attacker can send specially crafted regular expressions that cause excessive resource consumption, potentiall...
IBM Concert Software versions 1.0.0 through 1.0.2.1 contain a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. This could enable attackers to read, modify, o...
IBM Concert versions 1.0.0 through 2.1.0 contain hard-coded credentials that could allow remote attackers to authenticate to the system without proper authorization. This vulnerability enables attacke...
IBM Concert versions 1.0.0 through 2.1.0 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauthorized requests from the server. This could enable...
IBM Concert for Z hub framework versions 1.0.0 through 2.1.0 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious JavaScript into the web interf...
IBM Concert versions 1.0.0 through 2.1.0 fail to properly invalidate user sessions after logout, allowing authenticated users to reuse old session tokens to impersonate other users. This affects all d...
IBM Concert versions 1.0.0 through 2.1.0 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject malicious HTTP headers, potentially leading...
IBM Concert versions 1.0.0 through 2.1.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using these versions of IBM Concert s...
IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory disclosure vulnerability where sensitive information from previously allocated memory could be exposed to remote attackers. This occurs d...
IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory disclosure vulnerability where sensitive information from previously allocated memory could be exposed to remote attackers. This occurs d...
IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory clearing vulnerability that could allow remote attackers to read sensitive information from previously allocated memory. This affects all...
IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in cleartext during recursive Docker builds, allowing local users to access credentials or other secrets. This affects organization...
IBM Concert versions 1.0.0 through 2.0.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using these versions of IBM Concert f...
IBM Concert Software versions 1.0.0 through 2.0.0 contain a clickjacking vulnerability (CWE-1021) that allows remote attackers to hijack user clicks. This could trick authenticated users into performi...
IBM Concert versions 1.0.0 through 2.0.0 contain an uncontrolled recursive directory copying vulnerability that allows local users with specific permissions to access sensitive files they shouldn't be...
IBM Concert versions 1.0.0 through 2.0.0 have a log file forgery vulnerability where local users can manipulate log entries to impersonate other users or conceal their activities. This occurs due to i...
IBM Concert versions 1.0.0 through 2.0.0 disclose sensitive server information via HTTP response headers. This information leakage could help attackers gather intelligence for further attacks against ...
IBM Concert versions 1.0.0 through 2.0.0 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious JavaScript into the web interface. This can lead t...
IBM Concert versions 1.0.0 through 2.0.0 fail to properly enable HTTP Strict-Transport-Security (HSTS), allowing man-in-the-middle attackers to intercept and potentially read sensitive information tra...
IBM Concert Software versions 1.0.0 through 2.0.0 contain a log injection vulnerability (CWE-117) that allows authenticated users to modify system logs by injecting malicious input. This affects organ...
IBM Concert Software versions 1.0.0 through 2.0.0 contain a heap memory clearing vulnerability that allows local users to access sensitive information from memory buffers. This affects organizations u...
IBM Concert versions 1.0.0 through 2.0.0 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauthorized requests from the server. This could enable...
IBM Concert Software versions 1.0.0 through 1.1.0 have improper certificate validation, allowing man-in-the-middle attacks. This enables attackers to intercept and potentially manipulate communication...
IBM Concert Software versions 1.0.0 through 1.1.0 use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using these vulnerable versi...
IBM Concert Software versions 1.0.0 through 1.1.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript into the web interface. This could e...
IBM Concert Software versions 1.0.0 through 1.1.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript into the web interface. This could e...
IBM Concert Software versions 1.0.0 through 1.1.0 fail to properly enable HTTP Strict Transport Security (HSTS), allowing attackers to intercept unencrypted HTTP traffic via man-in-the-middle attacks....
CVE-2025-1759 is an information disclosure vulnerability in IBM Concert Software where improper heap memory clearing allows remote attackers to read sensitive data from previously allocated memory. Th...
IBM Concert Software versions 1.0.0 through 1.1.0 have an overly permissive CORS configuration that doesn't restrict allowed origins to trusted domains. This allows attackers to perform cross-origin r...
IBM Concert versions 1.0.0 through 1.0.2 contain an API vulnerability that allows attackers to extract sensitive information through specially crafted API calls. This affects organizations using these...
This vulnerability in IBM Concert Software allows authenticated users to inject malicious content into log files or extract sensitive information from them due to improper log neutralization. It affec...
This vulnerability in IBM Concert Software allows attackers to intercept unencrypted HTTP traffic due to missing HTTP Strict Transport Security (HSTS) headers. Attackers can use man-in-the-middle tech...
IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in log files that local users can read. This information disclosure vulnerability could expose credentials, configuration details, ...