CNNVD-202508-2017 Information

CNNVD ID

CNNVD-202508-2017

Related CVE

CVE-2025-27909

• CNNVD Published: 2025-08-18

Description (Chinese)

IBM Concert Software是美国国际商业机器（IBM）公司的一个应用生命周期风险识别软件。 IBM Concert Software 1.1.0及之前版本存在安全漏洞，该漏洞源于跨域资源共享（CORS）配置未将域名限制在可信域，导致攻击者可执行特权操作。

Description (English)

IBM Concert Software is an application life-cycle risk identification software for IBM. There is a security loophole in IBM Concert Software 1.1.0 and previous versions, which stems from the fact that the cross-domain resource-sharing (CORS) configuration does not limit domain names to a credible domain, resulting in a privileged operation for the attackers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国际商业机器

Published

2025-08-18

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7242354 https://nvd.nist.gov/vuln/detail/CVE-2025-27909

Patch

https://www.ibm.com/support/pages/node/7242354