
IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13044 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-340 | 6.2 | Medium | 2026-04-07 |
| CVE-2026-1243 | IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability — Content Navigator | 5.4 | Medium | 2026-04-02 |
| CVE-2025-66487 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares CWE-770 | 2.7 | Low | 2026-04-01 |
| CVE-2025-66486 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares CWE-80 | 4.8 | Medium | 2026-04-01 |
| CVE-2025-66485 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares CWE-644 | 5.4 | Medium | 2026-04-01 |
| CVE-2025-66484 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares | 5.5 | Medium | 2026-04-01 |
| CVE-2025-66483 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares CWE-613 | 6.3 | Medium | 2026-04-01 |
| CVE-2025-36375 | IBM DataPower Gateway vulnerable to CSRF — DataPower Gateway 10.6CD CWE-352 | 6.5 | Medium | 2026-04-01 |
| CVE-2026-2475 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-601 | 3.1 | Low | 2026-04-01 |
| CVE-2026-4820 | IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag — Maximo Application Suite CWE-614 | 4.3 | Medium | 2026-04-01 |
| CVE-2025-36373 | Incorrect administrative access control in IBM DataPower Gateway — DataPower Gateway 10.6CD CWE-497 | 4.1 | Medium | 2026-04-01 |
| CVE-2025-13916 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares CWE-327 | 5.9 | Medium | 2026-04-01 |
| CVE-2026-1491 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-444 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-2862 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-444 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-1345 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-78 | 7.3 | High | 2026-04-01 |
| CVE-2026-4101 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-287 | 8.1 | High | 2026-04-01 |
| CVE-2026-4364 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container CWE-79 | 5.4 | Medium | 2026-04-01 |
| CVE-2025-13855 | IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint . — Storage Protect Server CWE-89 | 7.6 | High | 2026-04-01 |
| CVE-2025-36187 | Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge — Knowledge Catalog Standard Cartridge CWE-532 | 4.4 | Medium | 2026-03-25 |
| CVE-2025-14684 | IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to . — Maximo Application Suite - Monitor Component CWE-117 | 4.0 | Medium | 2026-03-25 |
| CVE-2025-14807 | IBM InfoSphere Information Server is vulnerable to HTTP header injection — InfoSphere Information Server CWE-644 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-1015 | IBM InfoSphere Information Server is vulnerable to server-side request forgery — InfoSphere Information Server CWE-918 | 5.4 | Medium | 2026-03-25 |
| CVE-2026-1014 | IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information — InfoSphere Information Server CWE-319 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-2483 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server CWE-79 | 5.4 | Medium | 2026-03-25 |
| CVE-2025-64648 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-319 | 5.9 | Medium | 2026-03-25 |
| CVE-2025-64647 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-1240 | 5.9 | Medium | 2026-03-25 |
| CVE-2026-2484 | IBM InfoSphere Information Server Information Disclosure — InfoSphere Information Server CWE-209 | 4.3 | Medium | 2026-03-25 |
| CVE-2025-64646 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-14 | 6.2 | Medium | 2026-03-25 |
| CVE-2025-36440 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-522 | 5.1 | Medium | 2026-03-25 |
| CVE-2025-36438 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-923 | 5.1 | Medium | 2026-03-25 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.