Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-33015 Multiple Vulnerabilities in IBM Concert Software — ConcertCWE-434 8.8 High2026-01-20
CVE-2025-1722 Multiple Vulnerabilities in IBM Concert Software — ConcertCWE-244 5.9 Medium2026-01-20
CVE-2025-1719 Multiple Vulnerabilities in IBM Concert Software — ConcertCWE-244 5.9 Medium2026-01-20
CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use. — Sterling Connect:Direct for UNIX ContainerCWE-798 8.4 High2026-01-20
CVE-2025-13925 Multiple vulnerabilities in IBM Aspera Console — Aspera ConsoleCWE-532 4.9 Medium2026-01-20
CVE-2025-12985 License Service: Privilege escalation vulnerability — IBM Licensing OperatorCWE-732 8.4 High2026-01-20
CVE-2025-64645 Multiple Vulnerabilities in IBM Concert Software. — ConcertCWE-367 7.7 High2025-12-26
CVE-2025-36230 XSS in IBM Aspera Faspex — Aspera Faspex 5CWE-80 5.4 Medium2025-12-26
CVE-2025-36229 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex — Aspera Faspex 5CWE-497 3.1 Low2025-12-26
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex — Aspera Faspex 5CWE-279 3.8 Low2025-12-26
CVE-2025-36192 Missing Authorization with the DS8900F and DS8A00 Hardware Management Console — DS8A00( R10.1)CWE-862 6.7 Medium2025-12-26
CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center — Db2 Intelligence CenterCWE-602 4.3 Medium2025-12-26
CVE-2025-13915 Authentication bypass in IBM API Connect — API ConnectCWE-305 9.8 Critical2025-12-26
CVE-2025-12771 IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer. — ConcertCWE-119 7.8 High2025-12-26
CVE-2025-1721 BM Concert Software Improper Clearing of Heap Memory Before Release. — ConcertCWE-244 5.9 Medium2025-12-26
CVE-2025-36154 IBM Concert Software Cleartext Storage in a File or on Disk. — ConcertCWE-313 6.2 Medium2025-12-24
CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information — UCD - IBM DevOps DeployCWE-319 5.9 Medium2025-12-15
CVE-2025-14148 IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability — UCD - IBM DevOps DeployCWE-522 6.5 Medium2025-12-15
CVE-2025-36360 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability — UCD - IBM UrbanCode DeployCWE-613 5.0 Medium2025-12-15
CVE-2025-13214 IBM Aspera Orchestrator SQL Injection — Aspera OrchestratorCWE-89 7.6 High2025-12-11
CVE-2025-13148 IBM Aspera Orchestrator Unverified Password Change — Aspera OrchestratorCWE-620 8.1 High2025-12-11
CVE-2025-13481 IBM Aspera Orchestrator Command Injection — Aspera OrchestratorCWE-78 8.8 High2025-12-11
CVE-2025-13211 IBM Aspera Orchestrator Denial of Service — Aspera OrchestratorCWE-799 5.3 Medium2025-12-11
CVE-2025-36437 IBM Planning Analytics Local is vulnerable to disclosing sensitive information — IBM Planning Analytics LocalCWE-209 4.3 Medium2025-12-09
CVE-2024-56464 IBM QRadar SIEM is affected by an information disclosure vulnerability — IBM QRadar SIEMCWE-548 2.7 Low2025-12-09
CVE-2025-36140 IBM watsonx.data Denial of Service — watsonx.dataCWE-770 6.5 Medium2025-12-08
CVE-2025-12635 IBM WebSphere Application Server and WebSphere Application Server Liberty Cross-Site Scripting — WebSphere Application ServerCWE-79 5.4 Medium2025-12-08
CVE-2025-64650 IBM Storage Defender - Resiliency Service Information Disclosure — Storage Defender - Resiliency ServiceCWE-532 6.5 Medium2025-12-08
CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery — InfoSphere Information ServerCWE-918 4.6 Medium2025-12-08
CVE-2025-36017 IBM Controller Information Disclosure — ControllerCWE-526 6.5 Medium2025-12-08

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.