IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-36185 | IBM Db2 denial of service | Db2 | CWE-943 | 6.2 | Medium | 2025-11-07 |
| CVE-2025-36186 | IBM Db2 privilege escalation | Db2 | CWE-250 | 7.4 | High | 2025-11-07 |
| CVE-2025-33012 | IBM Db2 improper account lockout | Db2 | CWE-324 | 6.3 | Medium | 2025-11-07 |
| CVE-2025-2534 | IBM Db2 denial of service | Db2 | CWE-789 | 5.3 | Medium | 2025-11-07 |
| CVE-2025-36135 | IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting | Sterling B2B Integrator | CWE-79 | 5.4 | Medium | 2025-11-07 |
| CVE-2024-47118 | IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query | Db2 | CWE-121 | 6.5 | Medium | 2025-11-07 |
| CVE-2025-33110 | IBM OpenPages Vulnerable to HTML Injection | OpenPages | CWE-80 | 5.4 | Medium | 2025-11-06 |
| CVE-2025-36054 | Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - | Business Automation Workflow containers | CWE-79 | 6.1 | Medium | 2025-11-06 |
| CVE-2025-36172 | Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002 | Cloud Pak for Business Automation | CWE-79 | 6.4 | Medium | 2025-11-03 |
| CVE-2025-12531 | IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability | InfoSphere Information Server | CWE-611 | 7.1 | High | 2025-11-03 |
| CVE-2025-36093 | security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025. | Cloud Pak For Business Automation | CWE-602 | 4.8 | Medium | 2025-11-03 |
| CVE-2025-36092 | IBM Business Automation Insights improper input validation | Cloud Pak For Business Automation | CWE-1284 | 6.5 | Medium | 2025-11-03 |
| CVE-2025-36091 | IBM Business Automation Insights unverified ownership | Cloud Pak For Business Automation | CWE-283 | 4.3 | Medium | 2025-11-03 |
| CVE-2025-36367 | IBM i is affected by a privilege escalation in IBM i SQL services | i | CWE-862 | 8.8 | High | 2025-11-01 |
| CVE-2025-36249 | IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL | Jazz for Service Management | CWE-614 | 3.7 | Low | 2025-10-31 |
| CVE-2025-33003 | IBM InfoSphere Information Server is vulnerable to privilege escalation | InfoSphere Information Server | CWE-250 | 7.8 | High | 2025-10-31 |
| CVE-2025-3356 | IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations | Tivoli Monitoring | CWE-22 | 8.6 | High | 2025-10-30 |
| CVE-2025-3355 | IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations | Tivoli Monitoring | CWE-22 | 7.5 | High | 2025-10-30 |
| CVE-2025-36137 | IBM Sterling Connect:Direct for UNIX command execution | Sterling Connect:Direct for Unix | CWE-250 | 7.2 | High | 2025-10-30 |
| CVE-2025-36386 | There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics | IBM Maximo Application Suite | CWE-305 | 9.8 | Critical | 2025-10-28 |
| CVE-2025-36085 | Multiple Vulnerabilities in IBM Concert Software. | Concert | CWE-918 | 5.4 | Medium | 2025-10-28 |
| CVE-2025-36083 | Multiple Vulnerabilities in IBM Concert Software. | Concert Software | CWE-244 | 6.2 | Medium | 2025-10-28 |
| CVE-2025-36081 | Multiple Vulnerabilities in IBM Concert Software. | Concert Software | CWE-117 | 5.3 | Medium | 2025-10-28 |
| CVE-2025-33133 | Fixes to common vulnerabilities found in IBM Db2 High Performance Unload | DB2 High Performance Unload | CWE-787 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-33132 | Fixes to common vulnerabilities found in IBM Db2 High Performance Unload | DB2 High Performance Unload | CWE-467 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-33131 | Fixes to common vulnerabilities found in IBM Db2 High Performance Unload | DB2 High Performance Unload | CWE-120 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-33126 | Fixes to common vulnerabilities found in IBM Db2 High Performance Unload | DB2 High Performance Unload | CWE-131 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-36138 | IBM QRadar SIEM cross-site scripting | QRadar SIEM | CWE-79 | 6.4 | Medium | 2025-10-27 |
| CVE-2025-36170 | IBM QRadar SIEM cross-site scripting | QRadar SIEM | CWE-79 | 6.4 | Medium | 2025-10-27 |
| CVE-2025-36007 | IBM QRadar SIEM incorrect privilege assignment | QRadar SIEM | CWE-266 | 7.8 | High | 2025-10-27 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.