IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-36121	HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application — OpenPagesCWE-80	5.4	Medium	2025-10-27
CVE-2025-36361	IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA — App Connect EnterpriseCWE-862	6.3	Medium	2025-10-24
CVE-2025-36128	IBM MQ denial of service — MQCWE-772	7.5	High	2025-10-16
CVE-2025-36002	IBM Sterling B2B Integrator information disclosure — Sterling B2B IntegratorCWE-260	5.5	Medium	2025-10-16
CVE-2025-2529	IBM Terracotta denial of service — TerracottaCWE-228	2.9	Low	2025-10-15
CVE-2025-27906	IBM Content Navigator information disclosure — Content NavigatorCWE-548	5.3	Medium	2025-10-14
CVE-2025-36087	IBM Security Verify Access hard coded credentials — Security Verify AccessCWE-798	8.1	High	2025-10-13
CVE-2025-2138	IBM Engineering Requirements Management Doors Next data modification — Engineering Requirements Management Doors NextCWE-602	3.5	Low	2025-10-12
CVE-2025-2139	IBM Engineering Requirements Management Doors Next security bypass — Engineering Requirements Management Doors NextCWE-602	3.5	Low	2025-10-12
CVE-2025-2140	IBM Engineering Requirements Management Doors Next spoofing — Engineering Requirements Management Doors NextCWE-346	5.7	Medium	2025-10-12
CVE-2025-33096	IBM Engineering Requirements Management Doors Next denial of service — Engineering Requirements Management Doors NextCWE-674	6.5	Medium	2025-10-12
CVE-2025-36171	IBM Aspera Faspex denial of service — Aspera FaspexCWE-770	4.9	Medium	2025-10-09
CVE-2025-36225	IBM Aspera Faspex information disclosure — Aspera FaspexCWE-203	4.3	Medium	2025-10-09
CVE-2023-37401	IBM Aspera Faspex cross-origin resource sharing — Aspera FaspexCWE-942	5.3	Medium	2025-10-09
CVE-2025-1826	IBM Jazz Foundation cross-site scripting — Jazz FoundationCWE-79	5.4	Medium	2025-10-07
CVE-2025-36156	IBM InfoSphere Data Replication VSAM for z/OS Remote Source code execution — InfoSphere Data Replication VSAM for z/OS Remote SourceCWE-119	7.4	High	2025-10-07
CVE-2025-36354	IBM Security Verify Access command execution — Security Verify Access ApplianceCWE-78	7.3	High	2025-10-06
CVE-2025-36355	IBM Security Verify Access code execution — Security Verify Access ApplianceCWE-829	8.5	High	2025-10-06
CVE-2025-36356	IBM Security Verify Access privilege escalation — Security Verify Access ApplianceCWE-250	9.3	Critical	2025-10-06
CVE-2023-49886	IBM Transformation Extender Advanced code execution — Transformation Extender AdvancedCWE-502	9.8	Critical	2025-10-06
CVE-2023-49883	IBM Transformation Extender Advanced information disclosure — Transformation Extender AdvancedCWE-521	5.9	Medium	2025-10-01
CVE-2023-50300	IBM Transformation Extender Advanced improper access control — Transformation Extender AdvancedCWE-284	5.1	Medium	2025-10-01
CVE-2023-49881	IBM Transformation Extender Advanced session fixation — Transformation Extender AdvancedCWE-613	6.3	Medium	2025-10-01
CVE-2023-50301	IBM Transformation Extender Advanced information disclosure — Transformation Extender AdvancedCWE-532	1.9	Low	2025-10-01
CVE-2025-36262	IBM Planning Analytics Local information disclosure — Planning Analytics LocalCWE-1286	4.9	Medium	2025-09-30
CVE-2025-36132	IBM Planning Analytics Local cross-site scripting — Planning Analytics LocalCWE-79	5.4	Medium	2025-09-30
CVE-2025-36245	IBM InfoSphere Information Server command execution — InfoSphere Information ServerCWE-78	8.8	High	2025-09-29
CVE-2025-36099	IBM WebSphere Application Server denial of service — WebSphere Application ServerCWE-770	4.9	Medium	2025-09-29
CVE-2025-36351	IBM License Metric Tool bypass security — License Metric ToolCWE-284	4.3	Medium	2025-09-29
CVE-2025-36352	IBM License Metric Tool cross-site scripting — License Metric ToolCWE-79	6.4	Medium	2025-09-29

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

IBM — Vulnerabilities & Security Advisories 4629