CVE-2025-36154
MEDIUMDescription
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.
Is your site exposed to CVE-2025-36154?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | concert |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36154? +
How severe is CVE-2025-36154? +
What products are affected by CVE-2025-36154? +
How do I check if I'm vulnerable to CVE-2025-36154? +
Related Vulnerabilities
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on …
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account …
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth …
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 …
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials …
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow …