CVE-2025-36438

Medium

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel…

ibm·CWE-923·Published 2026-03-25

CVSS

5.5

EPSS

0.00

KEV

Exploits

cve.orgen

169 chars

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.

NVDen

169 chars

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.

NVDes

201 chars

IBM Concert 1.0.0 hasta 2.2.0 podría permitir a un usuario privilegiado realizar acciones no autorizadas debido a una restricción inadecuada de la comunicación del canal a los puntos finales previstos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3.1	Primary	cve.org	5.1	—	—	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N