CVE-2025-36440: Multiple Vulnerabilities in IBM Concert Software
Published Mar 23, 2026
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
Affected Software
2 affected components
IBM Concert Software <=1.0.0-2.2.0
IBM Concert >=1.0.0 <=2.2.0
Remediation
IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1.
Download IBM Concert Software 2.3.1 from the Container software library section of the IBM Entitled Registry (ICR, https://myibm.ibm.com/products-services/containerlibrary) and follow the installation instructions at https://www.ibm.com/docs/en/concert for your type of deployment.
Event History
Mar 23, 2026
CVE Published via IBM · 12:00 AM
Data Sourced via IBM · 12:00 AM: Description, Affected Software
Mar 25, 2026
CVE Published via MITRE · 08:34 PM
Data Sourced via MITRE · 08:34 PM: Remedy, Description, Severity, Weakness
Data Sourced via NVD · 09:16 PM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-36440?
CVE-2025-36440 is considered a moderate severity vulnerability due to its potential to expose sensitive information.
2. How do I fix CVE-2025-36440?
To fix CVE-2025-36440, ensure you upgrade IBM Concert Software to version 2.2.1 or later.
3. What types of vulnerabilities are associated with CVE-2025-36440?
CVE-2025-36440 is associated with missing function level access control vulnerabilities.
4. Who is affected by CVE-2025-36440?
Users of IBM Concert Software versions 1.0.0 through 2.2.0 are affected by CVE-2025-36440.
5. What information could be compromised by CVE-2025-36440?
CVE-2025-36440 could allow local users to access sensitive information that should be protected.