Description
IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
Published: 2026-03-25
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Weak cryptographic algorithms may allow decryption of highly sensitive information
Action: Apply Patch
AI Analysis

Impact

IBM Concert 1.0.0 through 2.2.0 employs cryptographic algorithms that are weaker than expected, creating a vulnerability that could enable an attacker to decrypt highly sensitive data stored or transmitted by the system. This weakness is classified as CWE‑1240, indicating a flaw in cryptographic material handling that directly compromises confidentiality.

Affected Systems

The vulnerability affects IBM Concert Software. Versions 1.0.0 through 2.2.0 are impacted, regardless of deployment type.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of real‑world exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the description does not specify the exact attack vector, it is reasonable to infer that an adversary would need access to encrypted data—through compromised credentials, local/system access, or interception of stored or transmitted information—to leverage this weakness. Administrators should review whether their environment handles sensitive cryptographic material and consider mitigating outcomes accordingly.

Generated by OpenCVE AI on March 26, 2026 at 20:05 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow  installation instructions https://www.ibm.com/docs/en/concert  depending on the type of deployment.

OpenCVE Recommended Actions

  • Upgrade IBM Concert Software to version 2.3.1 via the IBM Entitled Registry
  • Follow IBM’s installation instructions for your deployment type

Generated by OpenCVE AI on March 26, 2026 at 20:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*

Thu, 26 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
Title Multiple Vulnerabilities in IBM Concert Software
First Time appeared Ibm
Ibm concert
Weaknesses CWE-1240
CPEs cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm concert
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Ibm Concert
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-26T16:10:00.297Z

Reserved: 2025-11-06T18:13:00.559Z

Link: CVE-2025-64647

cve-icon Vulnrichment

Updated: 2026-03-26T16:09:56.785Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T21:16:25.823

Modified: 2026-03-26T17:49:07.637

Link: CVE-2025-64647

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:29:37Z

Weaknesses