IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-33020 | IBM Engineering Systems Design Rhapsody information disclosure — Engineering Systems Design Rhapsody | CWE-311 | 5.9 | Medium | 2025-07-23 |
| CVE-2025-36117 | IBM Db2 Mirror for i session fixation — Db2 Mirror for i | CWE-384 | 6.3 | Medium | 2025-07-23 |
| CVE-2025-36116 | IBM Db2 Mirror for i cross-site websocket hijacking — Db2 Mirror for i | CWE-1385 | 6.3 | Medium | 2025-07-23 |
| CVE-2024-41750 | IBM SmartCloud Analytics - Log Analysis security bypass — SmartCloud Analytics Log Analysis | CWE-602 | 5.5 | Medium | 2025-07-23 |
| CVE-2024-40682 | IBM SmartCloud Analytics - Log Analysis denial of service — SmartCloud Analytics Log Analysis | CWE-1287 | 6.2 | Medium | 2025-07-23 |
| CVE-2024-40686 | IBM SmartCloud Analytics - Log Analysis HOST header injection — SmartCloud Analytics Log Analysis | CWE-644 | 5.4 | Medium | 2025-07-23 |
| CVE-2024-41751 | IBM SmartCloud Analytics - Log Analysis security bypass — SmartCloud Analytics Log Analysis | CWE-602 | 5.5 | Medium | 2025-07-23 |
| CVE-2024-38335 | IBM Security QRadar Network Threat Analytics denial of service — Security QRadar Network Threat Analytics | CWE-770 | 4.5 | Medium | 2025-07-22 |
| CVE-2025-36057 | IBM Cognos Analytics Mobile (iOS) authentication bypass — Cognos Analytics Mobile | CWE-299 | 5.2 | Medium | 2025-07-21 |
| CVE-2025-36062 | IBM Cognos Analytics Mobile (iOS) information disclosure — Cognos Analytics Mobile | CWE-311 | 5.9 | Medium | 2025-07-21 |
| CVE-2025-36106 | IBM Cognos Analytics Mobile (iOS) information disclosure — Cognos Analytics Mobile | CWE-326 | 6.5 | Medium | 2025-07-21 |
| CVE-2025-36107 | IBM Cognos Analytics Mobile (iOS) information disclosure — Cognos Analytics Mobile | CWE-319 | 5.9 | Medium | 2025-07-21 |
| CVE-2025-33014 | IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection — Sterling B2B Integrator | CWE-1022 | 5.4 | Medium | 2025-07-18 |
| CVE-2025-36097 | IBM WebSphere Application Server denial of service — WebSphere Application Server | CWE-121 | 7.5 | High | 2025-07-16 |
| CVE-2025-33097 | IBM QRadar SIEM cross-site scripting — QRadar SIEM | CWE-79 | 6.4 | Medium | 2025-07-15 |
| CVE-2025-36104 | IBM Storage Scale information disclosure — Storage Scale | CWE-277 | 6.5 | Medium | 2025-07-12 |
| CVE-2025-3631 | IBM MQ denial of service — MQ | CWE-416 | 6.5 | Medium | 2025-07-11 |
| CVE-2024-39752 | IBM Analytics Content Hub file upload — Analytics Content Hub | CWE-434 | 6.8 | Medium | 2025-07-10 |
| CVE-2024-38327 | IBM Analytics Content Hub information disclosure — Analytics Content Hub | CWE-540 | 6.8 | Medium | 2025-07-10 |
| CVE-2025-36090 | IBM Analytics Content Hub information disclosure — Analytics Content Hub | CWE-209 | 4.3 | Medium | 2025-07-10 |
| CVE-2024-37524 | IBM Analytics Content Hub information disclosure — Analytics Content Hub | CWE-209 | 5.3 | Medium | 2025-07-10 |
| CVE-2025-1112 | IBM OpenPages with Watson information disclosure — OpenPages with Watson | CWE-282 | 4.3 | Medium | 2025-07-09 |
| CVE-2025-2670 | IBM OpenPages information disclosure — OpenPages | CWE-497 | 4.3 | Medium | 2025-07-09 |
| CVE-2024-56468 | IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service — InfoSphere Data Replication VSAM for z/OS Remote Source | CWE-121 | 7.5 | High | 2025-07-08 |
| CVE-2025-27369 | IBM OpenPages with Watson information disclosure — OpenPages with Watson | CWE-497 | 4.3 | Medium | 2025-07-08 |
| CVE-2025-27367 | IBM OpenPages with Watson improper input validation — OpenPages with Watson | CWE-602 | 5.3 | Medium | 2025-07-08 |
| CVE-2024-49783 | IBM OpenPages with Watson information disclosure — OpenPages with Watson | CWE-329 | 5.3 | Medium | 2025-07-08 |
| CVE-2024-49784 | IBM OpenPages with Watson information disclosure — OpenPages with Watson | CWE-327 | 5.3 | Medium | 2025-07-08 |
| CVE-2023-43039 | IBM OpenPages with Watson cross-site scripting — OpenPages with Watson | CWE-79 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-2827 | IBM Sterling File Gateway information disclosure — Sterling File Gateway | CWE-548 | 4.3 | Medium | 2025-07-08 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.