Every CVE whose affected-product data names Ibm Concert, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (65)
CVE-2025-33015 — CVSS 8.8 (high): IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web…
CVE-2025-12771 — CVSS 7.8 (high): IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could…
CVE-2025-64645 — CVSS 7.7 (high): IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
CVE-2024-52360 — CVSS 7.6 (high): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL…
CVE-2025-33090 — CVSS 7.5 (high): IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular…
CVE-2025-33088 — CVSS 7.4 (high): IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their…
CVE-2025-36018 — CVSS 6.5 (medium): IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2024-51451 — CVSS 6.5 (medium): IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This…
CVE-2024-55909 — CVSS 6.5 (medium): IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive…
CVE-2024-55910 — CVSS 6.5 (medium): IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2025-33089 — CVSS 6.5 (medium): IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the…
CVE-2024-43181 — CVSS 6.3 (medium): IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another…
CVE-2025-36149 — CVSS 6.3 (medium): IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.
CVE-2025-12708 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.
CVE-2025-13044 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a…
CVE-2025-36159 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to…
CVE-2025-36154 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local…
CVE-2025-33100 — CVSS 6.2 (medium): IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its…
CVE-2025-64646 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing…
CVE-2025-36083 — CVSS 6.2 (medium): IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of…
CVE-2025-36019 — CVSS 6.1 (medium): IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated…
CVE-2025-36153 — CVSS 6.1 (medium): IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed…
CVE-2025-0656 — CVSS 6.1 (medium): IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed…
CVE-2024-41785 — CVSS 6.1 (medium): IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to…
CVE-2025-64648 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the…
CVE-2024-41757 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2024-43177 — CVSS 5.9 (medium): IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
CVE-2024-43178 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2024-43189 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2024-52366 — CVSS 5.9 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2024-55912 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2025-1719 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper…
CVE-2025-1721 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper…
CVE-2025-1722 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper…
CVE-2025-1759 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to…
CVE-2025-1761 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to…
CVE-2025-33084 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2025-33099 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques…
CVE-2025-33101 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper…
CVE-2025-33102 — CVSS 5.9 (medium): IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2025-36150 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2025-36161 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2025-36253 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2025-64647 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2025-27909 — CVSS 5.4 (medium): IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged…
CVE-2025-33082 — CVSS 5.4 (medium): IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2025-33083 — CVSS 5.4 (medium): IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2025-36243 — CVSS 5.4 (medium): IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2025-36085 — CVSS 5.4 (medium): IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2024-52891 — CVSS 5.4 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain…
CVE-2024-55913 — CVSS 5.3 (medium): IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2024-52893 — CVSS 5.3 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed…
CVE-2025-36081 — CVSS 5.3 (medium): IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input.
CVE-2024-52367 — CVSS 5.3 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that…
CVE-2024-49354 — CVSS 5.3 (medium): IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
CVE-2025-36160 — CVSS 5.3 (medium): IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks…
CVE-2025-36438 — CVSS 5.1 (medium): IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel…
CVE-2025-36158 — CVSS 5.1 (medium): IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to…
CVE-2025-36440 — CVSS 5.1 (medium): IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
CVE-2024-43180 — CVSS 4.3 (medium): IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie…
CVE-2024-52359 — CVSS 4.3 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be…
CVE-2024-37070 — CVSS 4.3 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in…
CVE-2024-43173 — CVSS 3.7 (low): IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
CVE-2024-49827 — CVSS 3.7 (low): IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information…
CVE-2025-33081 — CVSS 3.3 (low): IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.