IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-36162 | IBM DevOps Deploy / IBM UrbanCode Deploy information disclosure — UrbanCode Deploy (CWE-497) | 4.3 | Medium | 2025-09-02 |
| CVE-2025-0656 | IBM Concert Software cross-site scripting — Concert Software (CWE-79) | 6.1 | Medium | 2025-09-01 |
| CVE-2025-33082 | IBM Concert Software cross-site scripting — Concert Software (CWE-79) | 5.4 | Medium | 2025-09-01 |
| CVE-2025-33083 | IBM Concert Software cross-site scripting — Concert Software (CWE-79) | 5.4 | Medium | 2025-09-01 |
| CVE-2025-33084 | IBM Concert Software information disclosure — Concert Software (CWE-327) | 5.9 | Medium | 2025-09-01 |
| CVE-2025-33099 | IBM Concert Software information disclosure — Concert Software (CWE-295) | 5.9 | Medium | 2025-09-01 |
| CVE-2025-33102 | IBM Concert Software information disclosure — Concert Software (CWE-327) | 5.9 | Medium | 2025-09-01 |
| CVE-2025-36133 | IBM App Connect Enterprise information disclosure — App Connect Enterprise Certified Container (CWE-532) | 5.9 | Medium | 2025-09-01 |
| CVE-2025-0165 | IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection — watsonx Orchestrate Cartridge for IBM Cloud Pak for Data (CWE-89) | 7.6 | High | 2025-08-30 |
| CVE-2024-49790 | IBM Watson Studio on Cloud Pak for Data cross-site scripting — Watson Studio on Cloud Pak for Data (CWE-79) | 5.4 | Medium | 2025-08-28 |
| CVE-2025-36003 | IBM Security Verify Governance Identity Manager information disclosure — Security Verify Governance Identity Manager (CWE-209) | 7.5 | High | 2025-08-28 |
| CVE-2025-1994 | IBM Cognos Command Center code execution — Cognos Command Center (CWE-242) | 7.8 | High | 2025-08-26 |
| CVE-2025-2697 | IBM Cognos Command Center HTTP Open Redirect — Cognos Command Center (CWE-601) | 7.4 | High | 2025-08-26 |
| CVE-2025-1494 | IBM Cognos Command Center clickjacking — Cognos Command Center (CWE-1021) | 6.1 | Medium | 2025-08-26 |
| CVE-2025-36174 | IBM Integrated Analytics System file upload — Integrated Analytics System (CWE-434) | 8.0 | High | 2025-08-24 |
| CVE-2025-36157 | IBM Engineering Lifecycle Management incorrect authorization — Engineering Lifecycle Management (CWE-863) | 9.8 | Critical | 2025-08-24 |
| CVE-2025-36042 | IBM QRadar SIEM cross-site scripting — QRadar SIEM (CWE-79) | 5.4 | Medium | 2025-08-22 |
| CVE-2025-33120 | IBM QRadar SIEM privilege escalation — QRadar SIEM (CWE-250) | 7.8 | High | 2025-08-22 |
| CVE-2025-1142 | IBM Edge Application Manager server-side request forgery — Edge Application Manager (CWE-918) | 5.4 | Medium | 2025-08-20 |
| CVE-2025-1139 | IBM Edge Application Manager incorrect permissions — Edge Application Manager (CWE-732) | 6.1 | Medium | 2025-08-20 |
| CVE-2025-36114 | IBM QRadar SOAR Plugin App path traversal — QRadar SOAR Plugin App (CWE-20) | 6.5 | Medium | 2025-08-20 |
| CVE-2025-2988 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure — Sterling B2B Integrator (CWE-497) | 2.7 | Low | 2025-08-19 |
| CVE-2025-33008 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting — Sterling B2B Integrator (CWE-79) | 5.4 | Medium | 2025-08-19 |
| CVE-2025-33100 | IBM Concert Software information disclosure — Concert Software (CWE-798) | 6.2 | Medium | 2025-08-18 |
| CVE-2025-33090 | IBM Concert Software denial of service — Concert Software (CWE-1333) | 7.5 | High | 2025-08-18 |
| CVE-2025-27909 | IBM Concert Software cross-origin resource sharing — Concert Software (CWE-942) | 5.4 | Medium | 2025-08-18 |
| CVE-2025-1759 | IBM Concert Software information disclosure — Concert Software (CWE-244) | 5.9 | Medium | 2025-08-18 |
| CVE-2024-49827 | IBM Concert Software information disclosure — Concert Software (CWE-213) | 3.7 | Low | 2025-08-18 |
| CVE-2025-36120 | IBM Storage Virtualize privilege escalation — Storage Virtualize (CWE-863) | 8.8 | High | 2025-08-18 |
| CVE-2025-36088 | IBM TS4500 cross-site scripting — Storage TS4500 Library (CWE-79) | 5.4 | Medium | 2025-08-15 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.