IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-27273 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.0.0 Download IBM Concert Software 2.0.0 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow installation instructions https://www.ibm.com/docs/en/concert  depending on the type of deployment.


Workaround

No workaround given by the vendor.

History

Wed, 17 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*

Tue, 09 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Sep 2025 22:30:00 +0000

Type Values Removed Values Added
Description IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Title IBM Concert Software information disclosure
First Time appeared Ibm
Ibm concert
Weaknesses CWE-824
CPEs cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:concert:1.1.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm concert
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-09T13:30:27.403Z

Reserved: 2025-02-27T16:33:31.328Z

Link: CVE-2025-1761

cve-icon Vulnrichment

Updated: 2025-09-09T13:15:40.797Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-08T23:15:35.047

Modified: 2025-09-17T16:41:04.240

Link: CVE-2025-1761

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.