CVE-2025-36083

Multiple Vulnerabilities in IBM Concert Software.

CVSS 6.2 MEDIUM · EPSS 0.1% · CWE-244
In short

IBM Concert Software versions 1.0.0 to 2.0.0 fail to properly clear sensitive data from memory before freeing it. An attacker with local access can read leftover data from freed memory, potentially exposing passwords or other confidential information.

Technical detail

CWE-244 (improper clearing of heap memory) allows local attackers to recover sensitive information from uninitialized or incompletely cleared heap buffers after memory deallocation. The vulnerability affects Concert versions 1.0.0–2.0.0 and requires local system access; impact includes unauthorized disclosure of sensitive data previously stored in memory.

Summary generated and translated by AI from the official description.
IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
IBM · Concert Software
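
The CWE-244 pattern described under "Technical detail", shown as an added example (not IBM's code and not taken from the advisory): a weak release path beside one that wipes before release. The one-slot pool, the function names and the sample secret are constructed assumptions that stand in for a real heap so that reuse is deterministic.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the heap: one fixed slot that is handed out
 * again after release, so reuse is deterministic and reading it is defined. */
#define SLOT_SIZE 64
static unsigned char slot[SLOT_SIZE];
static int slot_in_use;

static void *pool_alloc(void) {
    if (slot_in_use) return NULL;
    slot_in_use = 1;
    return slot;                 /* like malloc: contents are not initialised */
}

/* Weak form (CWE-244): release without clearing. */
static void pool_free(void *p) {
    if (p == slot) slot_in_use = 0;
}

/* Clear through a volatile pointer so the compiler cannot discard the
 * stores as dead writes ahead of the release. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hardened form: wipe the whole slot, then release it. */
static void pool_free_cleared(void *p) {
    if (p != slot) return;
    secure_wipe(p, SLOT_SIZE);
    slot_in_use = 0;
}

/* Stores a constructed secret, releases the slot, then counts how many
 * secret bytes the next caller of pool_alloc() can still see. */
size_t residue_after_release(int clear_first) {
    static const char secret[] = "hunter2-constructed-secret";
    size_t n = sizeof secret - 1, seen = 0;
    memset(slot, 0, SLOT_SIZE); slot_in_use = 0;   /* start from a clean pool */
    unsigned char *a = pool_alloc();
    memcpy(a, secret, n);
    if (clear_first) pool_free_cleared(a); else pool_free(a);
    unsigned char *b = pool_alloc();               /* next, unrelated consumer */
    for (size_t i = 0; i < n; i++)
        if (b[i] == (unsigned char)secret[i]) seen++;
    pool_free_cleared(b);
    return seen;
}
```

On a real heap the same wipe belongs immediately before `free()`, using a call the compiler will not optimise away, such as `explicit_bzero`, `memset_s` or `SecureZeroMemory`.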
