Vulnerability-Lookup

CNVD-2026-16136

Vulnerability from cnvd - Published: 2026-04-03

Title

IBM Concert代码问题漏洞（CNVD-2026-16136）

Description

IBM Concert是IBM的协作式应用程序生命周期管理平台。 IBM Concert存在信息泄露漏洞，该漏洞源于程序未能正确清除缓冲区资源。攻击者可利用该漏洞访问内存中的敏感信息。

Severity

中

Patch Name

IBM Concert代码问题漏洞（CNVD-2026-16136）的补丁

Patch Description

IBM Concert是IBM的协作式应用程序生命周期管理平台。 IBM Concert存在信息泄露漏洞，该漏洞源于程序未能正确清除缓冲区资源。攻击者可利用该漏洞访问内存中的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.ibm.com/support/pages/node/7267105

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-64646

Impacted products

Name
IBM Concert >=1.0.0，<=2.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-64646",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-64646"
    }
  },
  "description": "IBM Concert\u662fIBM\u7684\u534f\u4f5c\u5f0f\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7ba1\u7406\u5e73\u53f0\u3002\n\nIBM Concert\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u6e05\u9664\u7f13\u51b2\u533a\u8d44\u6e90\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5185\u5b58\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.ibm.com/support/pages/node/7267105",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-16136",
  "openTime": "2026-04-03",
  "patchDescription": "IBM Concert\u662fIBM\u7684\u534f\u4f5c\u5f0f\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nIBM Concert\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u6e05\u9664\u7f13\u51b2\u533a\u8d44\u6e90\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5185\u5b58\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Concert\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2026-16136\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Concert \u003e=1.0.0\uff0c\u003c=2.2.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-64646",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-31",
  "title": "IBM Concert\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2026-16136\uff09"
}

CVE-2025-64646 (GCVE-0-2025-64646)

Vulnerability from cvelistv5 – Published: 2026-03-25 20:35 – Updated: 2026-03-26 17:51

Title

Multiple Vulnerabilities in IBM Concert Software

Summary

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-14 - Compiler Removal of Code to Clear Buffers

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7267105

vendor-advisorypatch

Impacted products

	Vendor	Product	Version
	IBM	Concert	Affected: 1.0.0 , ≤ 2.2.0 (semver) cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:2.2.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64646",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T17:39:31.013715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T17:51:17.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*"
          ],
          "product": "Concert",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.2.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-14",
              "description": "CWE-14 Compiler Removal of Code to Clear Buffers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T20:35:51.740Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7267105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\u003c/p\u003e\u003cp\u003eDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry (\u003ca href=\"https://myibm.ibm.com/products-services/containerlibrary\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003eICR\u003c/a\u003e) and follow\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/concert?topic=installing-preparing-run-installs-from-private-container-registry\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003einstallation instructions\u003c/a\u003e\u0026nbsp;depending on the type of deployment.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\n\nDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow\u00a0 installation instructions https://www.ibm.com/docs/en/concert \u00a0depending on the type of deployment."
        }
      ],
      "title": "Multiple Vulnerabilities in IBM Concert Software",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-64646",
    "datePublished": "2026-03-25T20:35:51.740Z",
    "dateReserved": "2025-11-06T18:13:00.559Z",
    "dateUpdated": "2026-03-26T17:51:17.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-16136

CVE-2025-64646 (GCVE-0-2025-64646)

Tags

Sightings

Nomenclature