IBM Concert Software


By the Year

In 2026 there have been 0 vulnerabilities in IBM Concert Software. Last year, in 2025, IBM Concert Software had 18 security vulnerabilities published. Right now, IBM Concert Software is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 18 6.01
2024 5 7.42

It may take a day or so for new IBM Concert Software vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Concert Software Security Vulnerabilities

IBM Concert Software 1.0-2.0 Remote Click Hijacking Vulnerability
CVE-2025-36149 6.3 - Medium - November 21, 2025

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.

Clickjacking

IBM Concert Software 1.0.0-2.0.0 Local User Heap Memory Clear Vulnerability
CVE-2025-36083 6.2 - Medium - October 28, 2025

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.

Heap Inspection

IBM Concert Software 1.0.0-2.0.0 Log Input Injection Allows Log Modification
CVE-2025-36081 5.3 - Medium - October 28, 2025

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input.

Improper Output Neutralization for Logs

IBM Concert Software 1.0-1.1 Hard-Coded Credentials in Auth & Crypto
CVE-2025-33100 6.2 - Medium - August 18, 2025

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Use of Hard-coded Credentials

IBM Concert Software 1.0.0-1.1.0 Heap Memory Disclosure via Improper Clearing
CVE-2025-1759 5.9 - Medium - August 18, 2025

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Heap Inspection

IBM Concert Software 1.0.0-1.1.0 Data Exposure (CVE-2024-49827)
CVE-2024-49827 3.7 - Low - August 18, 2025

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.

Exposure of Sensitive Information Due to Incompatible Policies

IBM Concert Software 1.0–1.1 CORS Misconfig Allows Privileged Actions
CVE-2025-27909 5.4 - Medium - August 18, 2025

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.

Permissive Cross-domain Policy with Untrusted Domains

IBM Concert Software 1.0.0-1.1.0 DoS via Crafted Regex
CVE-2025-33090 7.5 - High - August 18, 2025

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.

ReDoS

Weak Crypto in IBM Concert Software 1.0.0-1.0.5 Enables Decryption of Sensitive Data
CVE-2024-55912 5.9 - Medium - May 02, 2025

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Use of a Broken or Risky Cryptographic Algorithm

Remote Directory Traversal in IBM Concert Software 1.0.0-1.0.5
CVE-2024-55913 5.3 - Medium - May 02, 2025

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Directory traversal

IBM Concert Software 1.0.0-1.0.5 SSRF Vulnerability
CVE-2024-55910 6.5 - Medium - May 02, 2025

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM Concert Software 1.0.0-1.0.5 Archive Expansion DoS
CVE-2024-55909 6.5 - Medium - May 02, 2025

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

Data Amplification

IBM Concert 1.0.5 Inadequate Lockout Enables Remote Brute-Force
CVE-2024-51476 7.5 - High - March 06, 2025

IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

Improper Restriction of Excessive Authentication Attempts

IBM Concert Software 1.0.0-1.0.1 Remote Info Leak via HSTS Misconfig
CVE-2024-41757 5.9 - Medium - January 24, 2025

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

Cleartext Transmission of Sensitive Information

IBM Concert Software 1.0.0-1.0.3: Remote Info Disclosure via HSTS Misconfig
CVE-2024-52366 5.9 - Medium - January 07, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

Use of a Broken or Risky Cryptographic Algorithm

IBM Concert Software 1.0.x Info Disclosure via Unauthorized Actor
CVE-2024-52367 7.5 - High - January 07, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM Concert Software 1.0.0-1.0.3 Log Neutralization Bypass: Authenticated Info Disclosure
CVE-2024-52891 5.4 - Medium - January 07, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.

Improper Output Neutralization for Logs

IBM Concert Software 1.0.x Info Leak via Detailed Error Message
CVE-2024-52893 5.3 - Medium - January 07, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM Concert Software: Authenticated User Information Disclosure Vulnerability
CVE-2024-37070 6.5 - Medium - November 19, 2024

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM Concert Software: Improper Access Control Vulnerability
CVE-2024-52359 8.8 - High - November 19, 2024

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved for administrator users, due to improper access controls.

Incorrect User Management

IBM Concert Software SQL Injection Vulnerability
CVE-2024-52360 9.8 - Critical - November 19, 2024

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

SQL Injection

IBM Concert Software XSS via Web UI v1.0.0-1.0.1
CVE-2024-41785 6.1 - Medium - November 15, 2024

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

XSS

IBM Concert Software 1.0.0-1.0.1 HSTS Not Enabled: Remote Info Disclosure
CVE-2024-43189 5.9 - Medium - November 15, 2024

IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

Use of a Broken or Risky Cryptographic Algorithm
