cbcvebase.
CVE-2025-36158
published 2025-11-20

CVE-2025-36158: IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive…

medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.

Affected

3 ranges
VendorProductVersion rangeFixed in
ibmconcert>= 1.0.0 < 2.1.02.1.0
ibmconcert1.0.0 – 2.0.0
msrccm1_kernel_5.4.91-1_on_cbl_mariner_1.0