Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-33142 IBM WebSphere Application Server information disclosure — WebSphere Application ServerCWE-295 5.3 Medium2025-08-14
CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service — WebSphere Application Server LibertyCWE-770 5.3 Medium2025-08-14
CVE-2025-36000 IBM WebSphere Application Server Liberty cross-site scripting — WebSphere Application Server LibertyCWE-79 4.4 Medium2025-08-12
CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security — WebSphere Application Server LibertyCWE-268 5.9 Medium2025-08-12
CVE-2025-36023 IBM Cloud Pak for Business Automation security bypass — Cloud Pak for Business AutomationCWE-639 6.5 Medium2025-08-08
CVE-2025-36119 IBM i authentication bypass — iCWE-290 7.1 High2025-08-08
CVE-2024-56339 IBM WebSphere Application Server information disclosure — WebSphere Application ServerCWE-650 3.7 Low2025-08-07
CVE-2025-36020 IBM Guardium Data Protection information disclosure — Guardium Data ProtectionCWE-319 5.9 Medium2025-08-06
CVE-2025-3354 IBM Tivoli Monitoring code execution — Tivoli MonitoringCWE-122 8.1 High2025-08-06
CVE-2025-3320 IBM Tivoli Monitoring code execution — Tivoli MonitoringCWE-122 8.1 High2025-08-06
CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting — IBM Engineering Lifecycle Optimization - PublishingCWE-84 6.1 Medium2025-08-05
CVE-2025-2824 IBM Operational Decision Manager HTTP open redirect — Operational Decision ManagerCWE-601 7.4 High2025-08-01
CVE-2025-33118 IBM QRadar SIEM cross-site scripting — QRadar SIEMCWE-79 6.4 Medium2025-08-01
CVE-2025-36040 IBM Aspera Faspex session fixation — Aspera FaspexCWE-613 6.5 Medium2025-07-30
CVE-2025-36039 IBM Aspera Faspex bypass security — Aspera FaspexCWE-602 6.5 Medium2025-07-30
CVE-2024-49828 IBM Db2 for Linux, UNIX and Windows denial of service — Db2CWE-121 6.5 Medium2025-07-29
CVE-2024-51473 IBM Db2 for Linux, UNIX and Windows denial of service — Db2CWE-121 6.5 Medium2025-07-29
CVE-2024-52894 IBM Db2 for Linux, UNIX and Windows denial of service — Db2CWE-121 4.9 Medium2025-07-29
CVE-2025-33114 IBM Db2 for Linux denial of service — Db2CWE-943 5.3 Medium2025-07-29
CVE-2025-33092 IBM Db2 for Linux code execution — Db2CWE-121 7.8 High2025-07-29
CVE-2025-36071 IBM Db2 denial of service — IBM Db2CWE-772 6.5 Medium2025-07-29
CVE-2025-36010 IBM Db2 for Linux denial of service — Db2CWE-833 6.5 Medium2025-07-29
CVE-2025-2533 IBM Db2 for Linux denial of service — Db2CWE-789 5.3 Medium2025-07-29
CVE-2024-49343 IBM Informix Dynamic Server HTML injection — Informix Dynamic ServerCWE-80 5.4 Medium2025-07-28
CVE-2024-49342 IBM Informix Dynamic Server information disclosure — Informix Dynamic ServerCWE-307 7.5 High2025-07-28
CVE-2025-33109 IBM i privilege escalation — iCWE-250 7.5 High2025-07-24
CVE-2025-33013 IBM MQ Operator information disclosure — MQ OperatorCWE-244 6.2 Medium2025-07-24
CVE-2025-36005 IBM MQ Operator information disclosure — MQ OperatorCWE-295 5.9 Medium2025-07-24
CVE-2025-33077 IBM Engineering Systems Design Rhapsody code execution — Engineering Systems Design RhapsodyCWE-119 8.8 High2025-07-23
CVE-2025-33076 IBM Engineering Systems Design Rhapsody code execution — Engineering Systems Design RhapsodyCWE-119 8.8 High2025-07-23

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.