4.3
IBM Concert 1.0.0 to 2.1.0 allows attackers to trick the system into sending unauthorized requests
CVE-2025-36243
Summary
IBM Concert versions 1.0.0 through 2.1.0 are vulnerable to server-side request forgery (SSRF), which allows an authenticated attacker to send unauthorized requests from your system. This could be used to discover sensitive information on your network or help the attacker launch further attacks. Update to a secure version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | concert | > 1.0.0 , <= 2.2.0 | – |
Original title
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to n...
Original description
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd CVSS3.1
4.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://www.ibm.com/support/pages/node/7260162 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026