Vulnerability-Lookup

CNVD-2026-13786

Vulnerability from cnvd - Published: 2026-03-10

Title

IBM Concert信息泄露漏洞（CNVD-2026-13786）

Description

IBM Concert是IBM公司用于协调与管理企业级应用的软件平台。 IBM Concert存在信息泄露漏洞。攻击者可利用该漏洞通过中间人攻击窃取敏感信息。

Severity

中

Patch Name

IBM Concert信息泄露漏洞（CNVD-2026-13786）的补丁

Patch Description

IBM Concert是IBM公司用于协调与管理企业级应用的软件平台。 IBM Concert存在信息泄露漏洞。攻击者可利用该漏洞通过中间人攻击窃取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞。补丁获取链接： https://www.ibm.com/support/pages/node/7260162

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-33101

Impacted products

Name
IBM Concert >=1.0.0，<=2.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-33101",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-33101"
    }
  },
  "description": "IBM Concert\u662fIBM\u516c\u53f8\u7528\u4e8e\u534f\u8c03\u4e0e\u7ba1\u7406\u4f01\u4e1a\u7ea7\u5e94\u7528\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002\n\nIBM Concert\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u7a83\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\u3002\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ibm.com/support/pages/node/7260162",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-13786",
  "openTime": "2026-03-10",
  "patchDescription": "IBM Concert\u662fIBM\u516c\u53f8\u7528\u4e8e\u534f\u8c03\u4e0e\u7ba1\u7406\u4f01\u4e1a\u7ea7\u5e94\u7528\u7684\u8f6f\u4ef6\u5e73\u53f0\u3002\r\n\r\nIBM Concert\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u7a83\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Concert\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-13786\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Concert \u003e=1.0.0\uff0c\u003c=2.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-33101",
  "serverity": "\u4e2d",
  "submitTime": "2026-02-28",
  "title": "IBM Concert\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-13786\uff09"
}

CVE-2025-33101 (GCVE-0-2025-33101)

Vulnerability from cvelistv5 – Published: 2026-02-17 19:03 – Updated: 2026-03-06 19:03

Title

Multiple Vulnerabilities in IBM Concert Software.

Summary

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7260162

vendor-advisorypatch

Impacted products

	Vendor	Product	Version
	IBM	Concert	Affected: 1.0.0 , ≤ 2.1.0 (semver) cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:2.1.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T20:18:16.665495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T19:03:49.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:concert:2.1.0:*:*:*:*:*:*:*"
          ],
          "product": "Concert",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.\u003c/p\u003e"
            }
          ],
          "value": "IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-244",
              "description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T19:03:44.747Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7260162"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.2.0 Download IBM Concert Software 2.2.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.2.0 Download IBM Concert Software 2.2.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment."
        }
      ],
      "title": "Multiple Vulnerabilities in IBM Concert Software.",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-33101",
    "datePublished": "2026-02-17T19:03:44.747Z",
    "dateReserved": "2025-04-15T17:50:40.774Z",
    "dateUpdated": "2026-03-06T19:03:49.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-13786

CVE-2025-33101 (GCVE-0-2025-33101)

Tags

Sightings

Nomenclature