CVE-2025-64648
Cleartext Data Transmission in IBM Concert Enables MITM Attacks
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | concert | From 1.0.0 (inc) to 2.2.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Concert versions 1.0.0 through 2.2.0, where data is transmitted in clear text. Because the data is not encrypted, an attacker could use man-in-the-middle techniques to intercept and obtain sensitive information.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information to unauthorized parties. An attacker positioned between the communicating parties could intercept data transmitted in clear text, potentially compromising confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in IBM Concert versions 1.0.0 through 2.2.0 involves transmitting data in clear text, which could allow attackers to intercept sensitive information via man-in-the-middle attacks.
This exposure of sensitive data in transit can lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA, which require appropriate safeguards to protect personal and sensitive information from unauthorized access.
Therefore, organizations using affected versions of IBM Concert may face compliance risks if this vulnerability is not mitigated.