
IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-36239 | IBM Storage TS4500 Library cross-site scripting — Storage TS4500 Library (CWE-79) | 6.1 | Medium | 2025-09-27 |
| CVE-2024-43192 | IBM Storage TS4500 Library cross-site request forgery — Storage TS4500 Library (CWE-352) | 6.5 | Medium | 2025-09-27 |
| CVE-2025-36144 | IBM watsonx.data information disclosure — watsonx.data (CWE-532) | 3.3 | Low | 2025-09-27 |
| CVE-2025-36326 | IBM Controller information disclosure — Cognos Controller (CWE-321) | 3.7 | Low | 2025-09-26 |
| CVE-2025-36274 | IBM Aspera HTTP Gateway information disclosure — Aspera HTTP Gateway (CWE-319) | 7.5 | High | 2025-09-26 |
| CVE-2025-33116 | IBM Watson Studio on Cloud Pak for Data cross-site scripting — Watson Studio on Cloud Pak for Data (CWE-79) | 4.4 | Medium | 2025-09-25 |
| CVE-2025-36064 | IBM Sterling Connect:Express for Microsoft Windows information disclosure — Sterling Connect:Express for Microsoft Windows (CWE-307) | 5.9 | Medium | 2025-09-22 |
| CVE-2025-36037 | IBM webMethods Integration server-side request forgery — webMethods Integration (CWE-918) | 5.4 | Medium | 2025-09-22 |
| CVE-2025-36202 | IBM webMethods Integration code execution — webMethods Integration (CWE-134) | 7.5 | High | 2025-09-22 |
| CVE-2025-36248 | IBM Copy Services Manager cross-site scripting — Copy Services Manager (CWE-79) | 6.1 | Medium | 2025-09-19 |
| CVE-2025-36146 | IBM watsonx.data information disclosure — watsonx.data (CWE-497) | 4.3 | Medium | 2025-09-18 |
| CVE-2025-36143 | IBM watsonx.data command execution — watsonx.data (CWE-78) | 4.7 | Medium | 2025-09-18 |
| CVE-2025-36139 | IBM watsonx.data cross-site scripting — watsonx.data (CWE-79) | 5.5 | Medium | 2025-09-18 |
| CVE-2025-36244 | IBM AIX privilege escalation — AIX (CWE-454) | 7.4 | High | 2025-09-16 |
| CVE-2025-36082 | IBM OpenPages information disclosure — OpenPages (CWE-525) | 4.0 | Medium | 2025-09-15 |
| CVE-2025-0164 | IBM QRadar SIEM information disclosure — QRadar SIEM (CWE-732) | 2.3 | Low | 2025-09-14 |
| CVE-2025-36035 | IBM PowerVM Hypervisor denial of service — PowerVM Hypervisor (CWE-770) | 6.7 | Medium | 2025-09-14 |
| CVE-2025-36222 | IBM Fusion insecure default configuration — Fusion (CWE-1188) | 8.7 | High | 2025-09-11 |
| CVE-2024-45671 | IBM Security Verify Information Queue information disclosure — Security Verify Information Queue (CWE-327) | 5.9 | Medium | 2025-09-10 |
| CVE-2024-45669 | IBM Security Verify Information Queue denial of service — Security Verify Information Queue (CWE-770) | 6.5 | Medium | 2025-09-10 |
| CVE-2024-47120 | IBM Security Verify Information Queue code execution — Security Verify Information Queue (CWE-250) | 6.4 | Medium | 2025-09-10 |
| CVE-2025-36011 | IBM Jazz for Service Management information disclosure — Jazz for Service Management (CWE-614) | 4.3 | Medium | 2025-09-09 |
| CVE-2025-36125 | IBM Hardware Management Console - Power Systems cross-site scripting — Hardware Management Console (CWE-79) | 6.4 | Medium | 2025-09-09 |
| CVE-2025-1761 | IBM Concert Software information disclosure — Concert Software (CWE-824) | 5.9 | Medium | 2025-09-08 |
| CVE-2025-36100 | IBM MQ information disclosure — MQ (CWE-260) | 5.1 | Medium | 2025-09-07 |
| CVE-2025-25048 | IBM Jazz Foundation path traversal — Jazz Foundation (CWE-23) | 6.5 | Medium | 2025-09-04 |
| CVE-2024-43184 | IBM Jazz Foundation cross-site scripting — Jazz Foundation (CWE-79) | 6.1 | Medium | 2025-09-04 |
| CVE-2025-2667 | IBM Sterling B2B Integrator information disclosure — Sterling B2B Integrator (CWE-497) | 2.7 | Low | 2025-09-04 |
| CVE-2025-2694 | IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator (CWE-79) | 4.8 | Medium | 2025-09-04 |
| CVE-2025-36193 | IBM Transformation Advisor incorrect permissions — Transformation Advisor (CWE-732) | 8.4 | High | 2025-09-03 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.