Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-36102 IBM Controller Validation Bypass — ControllerCWE-602 2.7 Low2025-12-08
CVE-2025-33111 IBM Controller Information Disclosure — ControllerCWE-379 4.3 Medium2025-12-08
CVE-2025-36015 IBM Controller Denial of Service — ControllerCWE-1284 6.5 Medium2025-12-08
CVE-2024-45675 IBM Informix Dynamic Server Authentication Bypass — Informix Dynamic ServerCWE-309 8.4 High2025-12-02
CVE-2025-36134 IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure — Sterling B2B IntegratorCWE-1275 3.7 Low2025-11-25
CVE-2025-36150 IBM Concert Information Disclosure — ConcertCWE-327 5.9 Medium2025-11-24
CVE-2025-36112 IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure — Sterling B2B IntegratorCWE-497 5.3 Medium2025-11-24
CVE-2025-36149 IBM Concert Software clickjacking — IBM Concert SoftwareCWE-1021 6.3 Medium2025-11-21
CVE-2025-36072 IBM webMethods Integration Deserialization — webMethods IntegrationCWE-502 8.8 High2025-11-20
CVE-2025-36153 IBM Concert Cross-Site Scripting — ConcertCWE-79 6.1 Medium2025-11-20
CVE-2025-36158 IBM Concert Information Disclosure — ConcertCWE-674 5.1 Medium2025-11-20
CVE-2025-36159 IBM Concert Improper Log Neutralization — ConcertCWE-117 6.2 Medium2025-11-20
CVE-2025-36160 IBM Concert Information Disclosure — ConcertCWE-497 5.3 Medium2025-11-20
CVE-2025-36161 IBM Concert Software Information Disclosure — ConcertCWE-327 5.9 Medium2025-11-20
CVE-2025-36371 IBM i Information Disclosure — iCWE-598 6.5 Medium2025-11-19
CVE-2025-36118 IBM Storage Virtualize Information Disclosure — Storage VirtualizeCWE-244 7.5 High2025-11-17
CVE-2025-36299 IBM Planning Analytics Information Disclosure — IBM Planning Analytics LocalCWE-540 4.3 Medium2025-11-17
CVE-2025-36357 IBM Planning Analytics Local Directory Traversal — IBM Planning Analytics LocalCWE-36 8.0 High2025-11-17
CVE-2025-36236 AIX Path Traversal — AIXCWE-22 8.2 High2025-11-13
CVE-2025-36250 AIX Code Execution — AIXCWE-114 10.0 Critical2025-11-13
CVE-2025-36096 AIX Insufficiently Protected Credentials — AIXCWE-522 9.0 Critical2025-11-13
CVE-2025-36251 AIX Command Execution — AIXCWE-114 9.6 Critical2025-11-13
CVE-2025-33119 IBM QRadar SIEM Information Disclosure — QRadar Security Information and Event ManagementCWE-260 6.5 Medium2025-11-12
CVE-2025-36223 IBM OpenPages Host Header Injection — OpenPagesCWE-644 5.4 Medium2025-11-12
CVE-2025-27368 IBM OpenPages Information Disclosure — OpenPagesCWE-497 4.3 Medium2025-11-12
CVE-2025-33150 IBM Cognos Analytics Certified Containers information disclosure — Cognos Analytics Certified ContainersCWE-552 5.3 Medium2025-11-10
CVE-2025-36006 IBM Db2 denial of service — Db2CWE-404 6.5 Medium2025-11-07
CVE-2025-36008 IBM Db2 denial of service — Db2CWE-770 6.5 Medium2025-11-07
CVE-2025-36131 IBM Db2 information disclosure — Db2CWE-359 4.6 Medium2025-11-07
CVE-2025-36136 IBM denial of service — Db2CWE-770 5.1 Medium2025-11-07

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.