IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Concert | IBM | 1.0.0 (including) | 2.2.0 (including) |
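
The weakness class described above, as an added illustration. This is not IBM Concert's code, which the page does not show. A write to a predictable temporary-file name follows a symlink already present at that path, while exclusive creation or `tempfile.mkstemp` leaves the link target untouched. The `app-<pid>.tmp` naming scheme, the function names and the sandbox files are assumptions constructed for the demonstration (POSIX only).

```python
import os
import tempfile

NAME = f"app-{os.getpid()}.tmp"  # constructed: guessable name derived from the PID

def write_predictable(directory, data):
    """Weak: plain open() follows a symlink already sitting at the guessed path."""
    path = os.path.join(directory, NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_exclusive(directory, data):
    """O_CREAT|O_EXCL fails if anything, including a symlink, exists at path."""
    path = os.path.join(directory, NAME)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_random(directory, data):
    """Preferred: mkstemp picks a random name, creates it exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Run each writer against a symlink planted in a private sandbox directory."""
    out = {}
    with tempfile.TemporaryDirectory() as box:
        victim, link = os.path.join(box, "victim.conf"), os.path.join(box, NAME)
        for label, writer in (("predictable", write_predictable),
                              ("exclusive", write_exclusive),
                              ("random", write_random)):
            with open(victim, "w") as fh:
                fh.write("original")
            if os.path.lexists(link):
                os.remove(link)
            os.symlink(victim, link)  # stands in for the pre-created link
            try:
                writer(box, "scratch")
            except FileExistsError:
                pass  # exclusive creation refused the existing path
            with open(victim) as fh:
                out[label] = fh.read()
    return out

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the contents of the link target after each writer runs: only the predictable-name writer replaces them.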