CVE-2025-36438
Received
Received - Intake
Improper Channel Restriction in IBM Concert Enables Unauthorized Actions
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Description
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | concert | From 1.0.0 (inc) to 2.2.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-923 | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Concert versions 1.0.0 through 2.2.0. It allows a privileged user to perform unauthorized actions because the software does not properly restrict channel communication to only the intended endpoints.
How can this vulnerability impact me? :
The impact of this vulnerability is that a privileged user could exploit it to carry out unauthorized actions within the system. This could lead to potential misuse or manipulation of the application, compromising its integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70