IBM Concert Sensitive Information Disclosure Vulnerability
Vulnerability
A vulnerability in IBM Concert versions 1.0.0, 1.0.1, and 1.0.2 allows for sensitive information disclosure through specially crafted API calls. This issue arises from incompatible policies that expose sensitive data.
Impact
Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information.
Remediation
Users are advised to upgrade to IBM Concert version 1.0.2.1, available through the IBM Entitled Registry. After upgrading, it is recommended to rotate any end user or application secrets used within Concert.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
