CVE-2025-36440
Received
Received - Intake
Missing Function Level Access Control in IBM Concert Allows Data Exposure
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Description
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | concert | From 1.0.0 (inc) to 2.2.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Concert versions 1.0.0 through 2.2.0 allows a local user to obtain sensitive information because the software lacks proper function level access control.
How can this vulnerability impact me? :
The vulnerability could allow a local user to access sensitive information that they should not be able to see, potentially leading to information disclosure and privacy risks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70