IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1577 | IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries — Db2 | 6.5 | Medium | 2026-04-30 |
| CVE-2025-36122 | IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic — Db2 CWE-770 | 6.5 | Medium | 2026-04-30 |
| CVE-2025-14688 | IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations — Db2 CWE-1284 | 5.3 | Medium | 2026-04-30 |
| CVE-2026-2311 | IBM i is affected by a privilege escalation vulnerability in Web Administration GUI [] — i CWE-284 | 6.4 | Medium | 2026-04-30 |
| CVE-2025-36180 | Inadequate Pod Communication Restrictions, affects watsonx.data — watsonx.data CWE-923 | 5.3 | Medium | 2026-04-30 |
| CVE-2026-6389 | IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability — Turbonomic prometurbo agent CWE-269 | 8.8 | High | 2026-04-30 |
| CVE-2026-6542 | Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id — Langflow OSS CWE-639 | 6.5 | Medium | 2026-04-30 |
| CVE-2025-36335 | Vulnerabilities found — watsonx.data intelligence CWE-256 | 6.2 | Medium | 2026-04-30 |
| CVE-2026-6543 | Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint — Langflow Desktop CWE-94 | 8.8 | High | 2026-04-30 |
| CVE-2026-3345 | Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint — Langflow Desktop CWE-22 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-3346 | Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw — Langflow Desktop CWE-89 | 6.4 | Medium | 2026-04-30 |
| CVE-2026-3340 | Server-Side Request Forgery (SSRF) in Langflow URL Component — Langflow Desktop CWE-918 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-4502 | Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API — Langflow Desktop CWE-22 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-4503 | Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint — Langflow Desktop CWE-639 | 7.5 | High | 2026-04-30 |
| CVE-2026-1726 | Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager — Guardium Key Lifecycle Manager CWE-269 | 4.3 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2025-36074 | Security vulnerability has been detected in IBM Security Verify Directory — Security Verify Directory (Container) CWE-434 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-5926 | Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container | 6.5 | Medium | 2026-04-22 |
| CVE-2026-1352 | IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index — Db2 CWE-1284 | 6.5 | Medium | 2026-04-22 |
| CVE-2026-1272 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection CWE-613 | 2.7 | Low | 2026-04-22 |
| CVE-2026-1274 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection CWE-840 | 4.9 | Medium | 2026-04-22 |
| CVE-2026-5935 | TSSC/IMC is vulnerable to OS Command Injection — Total Storage Service Console (TSSC) / TS4500 IMC CWE-78 | 7.3 | High | 2026-04-22 |
| CVE-2026-4917 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection CWE-22 | 4.9 | Medium | 2026-04-22 |
| CVE-2026-4918 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection CWE-79 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-4919 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection CWE-79 | 4.8 | Medium | 2026-04-22 |
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing — WebSphere Application Server - Liberty CWE-269 | 7.5 | High | 2026-04-22 |
| CVE-2026-4788 | Multiple Vulnerabilities affect IBM Tivoli Netcool Impact — Tivoli Netcool Impact CWE-532 | 8.4 | High | 2026-04-08 |
| CVE-2026-3357 | IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file — Langflow Desktop CWE-502 | 8.8 | High | 2026-04-08 |
| CVE-2026-1346 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-250 | 9.3 | Critical | 2026-04-08 |
| CVE-2026-1343 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-918 | 7.2 | High | 2026-04-08 |
| CVE-2026-1342 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-829 | 8.5 | High | 2026-04-07 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.