CVE-2025-36083 - Vulnerability Details - OpenCVE

IBM Concert Software

1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Concert

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.1.0 Download IBM Concert Software 2.1.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7249356

History

Tue, 28 Oct 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 28 Oct 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
Title		Multiple Vulnerabilities in IBM Concert Software.
First Time appeared		Ibm Ibm concert
Weaknesses		CWE-244
CPEs		cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:2.0.0:::::::*
Vendors & Products		Ibm Ibm concert
References		https://www.ibm.com/support/pages/node/7249356
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-28T14:55:35.813Z

Updated: 2025-10-28T15:20:05.847Z

Reserved: 2025-04-15T21:16:13.890Z

Link: CVE-2025-36083

Vulnrichment

Updated: 2025-10-28T15:19:46.692Z

NVD

Status : Received

Published: 2025-10-28T15:16:12.427

Modified: 2025-10-28T15:16:12.427

Link: CVE-2025-36083

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36083", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:13.890Z", "datePublished": "2025-10-28T14:55:35.813Z", "dateUpdated": "2025-10-28T15:20:05.847Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:2.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Concert Software", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.0.0", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:concert_software:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Concert Software \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.0.0 through 2.0.0 </span>could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.</p>"}], "value": "IBM Concert Software \n\n1.0.0 through 2.0.0\u00a0could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-244", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-28T14:55:35.813Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7249356"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.1.0 Download IBM Concert Software 2.1.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.</p>"}], "value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.1.0 Download IBM Concert Software 2.1.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment."}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple Vulnerabilities in IBM Concert Software.", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-28T15:19:32.524376Z", "id": "CVE-2025-36083", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T15:20:05.847Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-28T15:19:32.524376Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T15:19:46.692Z"}}], "cna": {"title": "Multiple Vulnerabilities in IBM Concert Software.", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:2.0.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Concert Software", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.1.0 Download IBM Concert Software 2.1.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.", "supportingMedia": [{"type": "text/html", "value": "<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.1.0 Download IBM Concert Software 2.1.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7249356", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Concert Software \n\n1.0.0 through 2.0.0\u00a0could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Concert Software \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.0.0 through 2.0.0 </span>could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-244", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:concert_software:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "2.0.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-28T14:55:35.813Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36083", "state": "PUBLISHED", "dateUpdated": "2025-10-28T15:20:05.847Z", "dateReserved": "2025-04-15T21:16:13.890Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-10-28T14:55:35.813Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}