CVE-2025-36160
published 2025-11-20CVE-2025-36160: IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | concert | >= 1.0.0 < 2.1.0 | 2.1.0 |
| ibm | concert | 1.0.0 – 2.0.0 | — |
| msrc | cbl2_httpd_2.4.52-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_httpd_2.4.49-1_on_cbl_mariner_1.0 | — | — |