CVE-2025-33101

Multiple Vulnerabilities in IBM Concert Software.

CVSS 5.9 MEDIUM · EPSS 0.2% · CWE-244
In short

IBM Concert versions 1.0.0 through 2.1.0 do not properly clear sensitive data from heap memory, which could allow an attacker using man-in-the-middle techniques to obtain sensitive information.

Technical detail

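The vulnerability arises from improper clearing of heap memory before release (CWE-244), which lets an attacker positioned between the client and server obtain sensitive information left in memory. Exploitation requires a man-in-the-middle position, that is, the ability to intercept traffic. The CVSS vector rates the attack as network-reachable with high complexity (AV:N/AC:H), needing no privileges or user interaction (PR:N/UI:N), and the impact is limited to confidentiality (C:H/I:N/A:N).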

Summary generated and translated by AI from the official description.
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
IBM · Concert
