CVE-2025-36440 | IBM Concert up to 2.2.0 insufficiently protected credentials
VulDB · Archived Mar 26, 2026
A vulnerability labeled as problematic has been found in IBM Concert up to 2.2.0. This vulnerability affects unknown code. Such manipulation leads to insufficiently protected credentials. This vulnerability is referenced as CVE-2025-36440. The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.
VDB-353511 · CVE-2025-36440 · GCVE-0-2025-36440
IBM CONCERT UP TO 2.2.0 INSUFFICIENTLY PROTECTED CREDENTIALS
CVSS Meta Temp Score: 5.1
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 2.45+
Summary
A vulnerability marked as problematic has been reported in IBM Concert up to 2.2.0. This issue affects some unknown processing. Performing a manipulation results in insufficiently protected credentials. This vulnerability is identified as CVE-2025-36440. The attack is only possible with local access. No exploit is available. Upgrading the affected component is suggested.
Details
A vulnerability classified as problematic has been found in IBM Concert up to 2.2.0. This affects unknown code. Manipulation with an unknown input leads to an insufficiently protected credentials vulnerability. CWE classifies the issue as CWE-522: the product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. This has an impact on confidentiality, integrity, and availability. The summary by CVE is:
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
The advisory can be read at ibm.com. This vulnerability has been uniquely identified as CVE-2025-36440 since 04/15/2025. Exploitability is reported to be easy. Local access is required for the attack. The technical details are unknown and an exploit is not publicly available. According to MITRE ATT&CK, the attack technique deployed by this issue is T1552.
Upgrading eliminates this vulnerability.
Product
Vendor: IBM
Name: Concert
Version: 2.0, 2.1, 2.2.0
License: commercial
Vendor website: https://www.ibm.com/
CVSSv3
VulDB Meta Base Score: 5.2
VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
CNA Base Score: 5.1
Exploiting
Class: Insufficiently protected credentials
CWE: CWE-522
Physical: Partially
Local: Yes
Remote: No
Status: Not defined
Countermeasures
Recommended: Upgrade
Timeline
04/15/2025 CVE reserved
03/25/2026 +344 days Advisory disclosed
03/25/2026 +0 days VulDB entry created
03/25/2026 +0 days VulDB entry last update
Sources
Vendor: ibm.com
Advisory: ibm.com
Status: Confirmed
CVE: CVE-2025-36440
GCVE (CVE): GCVE-0-2025-36440
GCVE (VulDB): GCVE-100-353511
Entry
Created: 03/25/2026 23:05
Changes: 03/25/2026 23:05 (62)
Cache ID: 99:115:101