CVE-2025-33015
HIGH WAF: Medium
CVSS 8.8
Published: 2026-01-20
CWE-434
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | concert | 1.0.0 - 2.2.0 |
References
- www.ibm.com (Vendor Advisory)