Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
IBM Concert uses hard-coded credentials, exposing sensitive info
CVE-2025-33089
Summary
IBM Concert, a software component, contains hardcoded user credentials that could be exploited by an attacker to access sensitive information or take unauthorized actions. This means that anyone with access to the system could potentially use these credentials to gain elevated privileges. To address this, IBM should update the software to use secure authentication methods.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | concert | > 1.0.0 , <= 2.2.0 | – |
Original title
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.
Original description
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.
nvd CVSS3.1
9.8
Vulnerability type
CWE-798
Use of Hard-coded Credentials
- https://www.ibm.com/support/pages/node/7260162 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026