IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13333 | IBM WebSphere Application Server could provide weaker than expected security | WebSphere Application Server | CWE-358 | 4.4 | Medium | 2026-02-17 |
| CVE-2025-13689 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment | DataStage on Cloud Pak | CWE-434 | 8.8 | High | 2026-02-17 |
| CVE-2023-38005 | Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ] | Cloud Pak System | CWE-284 | 4.3 | Medium | 2026-02-17 |
| CVE-2025-33135 | IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities | Financial Transaction Manager for ACH Services and Check Services for Multi-Platform | CWE-79 | 6.1 | Medium | 2026-02-17 |
| CVE-2025-33088 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-732 | 7.4 | High | 2026-02-17 |
| CVE-2025-36183 | Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data | watsonx.data | CWE-434 | 3.8 | Low | 2026-02-17 |
| CVE-2025-36348 | The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure | Sterling B2B Integrator | CWE-209 | 4.9 | Medium | 2026-02-17 |
| CVE-2025-36376 | IBM Security QRadar EDR Software has multiple vulnerabilities | Security QRadar EDR | CWE-613 | 6.3 | Medium | 2026-02-17 |
| CVE-2025-36377 | IBM Security QRadar EDR Software has multiple vulnerabilities | Security QRadar EDR | CWE-613 | 6.3 | Medium | 2026-02-17 |
| CVE-2025-36379 | IBM Security QRadar EDR Software has multiple vulnerabilities | Security QRadar EDR | CWE-326 | 5.9 | Medium | 2026-02-17 |
| CVE-2025-13691 | DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing | DataStage on Cloud Pak for Data | CWE-497 | 8.1 | High | 2026-02-17 |
| CVE-2025-14289 | IBM webMethods Integration Server is vulnerable to HTML injection | webMethods Integration Server | CWE-80 | 5.4 | Medium | 2026-02-17 |
| CVE-2025-27898 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-613 | 6.3 | Medium | 2026-02-17 |
| CVE-2025-27899 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-526 | 5.3 | Medium | 2026-02-17 |
| CVE-2025-27900 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-601 | 6.8 | Medium | 2026-02-17 |
| CVE-2025-27901 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-644 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-27903 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-319 | 5.9 | Medium | 2026-02-17 |
| CVE-2025-27904 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | CWE-352 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-33130 | Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows | DB2 Merge Backup for Linux, UNIX and Windows | CWE-120 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-33124 | Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows | DB2 Merge Backup for Linux, UNIX and Windows | CWE-131 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-13108 | Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows | DB2 Merge Backup for Linux, UNIX and Windows | | 5.5 | Medium | 2026-02-17 |
| CVE-2023-38265 | Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ] | Cloud Pak System | CWE-548 | 5.3 | Medium | 2026-02-17 |
| CVE-2025-33101 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-244 | 5.9 | Medium | 2026-02-17 |
| CVE-2025-33089 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-798 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-36243 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-918 | 5.4 | Medium | 2026-02-17 |
| CVE-2024-43178 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-327 | 5.9 | Medium | 2026-02-17 |
| CVE-2025-36018 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-352 | 6.5 | Medium | 2026-02-17 |
| CVE-2025-36019 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-79 | 6.1 | Medium | 2026-02-17 |
| CVE-2025-12755 | Multiple vulnerabilities in IBM MQ Operator and Queue manager container images | MQ Operator | CWE-117 | 4.0 | Medium | 2026-02-17 |
| CVE-2025-36247 | IBM Db2 XML External Entity Reference | Db2 for Linux, UNIX and Windows | CWE-611 | 7.1 | High | 2026-02-17 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.