IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-2793 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting | Sterling B2B Integrator | CWE-79 | 5.4 | Medium | 2025-07-08 |
| CVE-2025-3630 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting | Sterling B2B Integrator | CWE-79 | 6.4 | Medium | 2025-07-08 |
| CVE-2024-43190 | IBM Engineering Requirements Management DOORS weak authentication | Engineering Requirements Management DOORS | CWE-640 | 5.9 | Medium | 2025-07-07 |
| CVE-2025-1351 | IBM Storage Virtualize privilege escalation | Storage Virtualize | CWE-362 | 6.7 | Medium | 2025-07-07 |
| CVE-2025-36014 | IBM Integration Bus for z/OS code injection | Integration Bus | CWE-94 | 8.2 | High | 2025-07-07 |
| CVE-2025-2141 | IBM System Storage Virtualization Engine TS7700 cross-site scripting | System Storage Virtualization Engine TS7700 | CWE-79 | 6.1 | Medium | 2025-07-01 |
| CVE-2025-36056 | IBM System Storage Virtualization Engine TS7700 cross-site scripting | System Storage Virtualization Engine TS7700 | CWE-79 | 5.4 | Medium | 2025-07-01 |
| CVE-2025-2895 | IBM Cloud Pak System HTML injection | Cloud Pak System | CWE-80 | 5.4 | Medium | 2025-06-30 |
| CVE-2025-1991 | IBM Informix Dynamic Server denial of service | Informix Dynamic Server | CWE-191 | 7.5 | High | 2025-06-28 |
| CVE-2024-52900 | IBM Cognos Analytics cross-site scripting | Cognos Analytics | CWE-79 | 6.4 | Medium | 2025-06-28 |
| CVE-2025-36027 | IBM Datacap clickjacking | Datacap | CWE-1021 | 5.4 | Medium | 2025-06-28 |
| CVE-2025-36026 | IBM Datacap information disclosure | Datacap | CWE-614 | 4.3 | Medium | 2025-06-28 |
| CVE-2024-39730 | IBM Datacap clickjacking | Datacap | CWE-451 | 5.4 | Medium | 2025-06-28 |
| CVE-2023-38007 | IBM Cloud Pak System HTML injection | Cloud Pak System | CWE-80 | 5.4 | Medium | 2025-06-27 |
| CVE-2025-36034 | IBM InfoSphere DataStage Flow Designer information disclosure | InfoSphere Information Server | CWE-319 | 5.3 | Medium | 2025-06-26 |
| CVE-2025-36038 | IBM WebSphere Application Server code execution | WebSphere Application Server | CWE-502 | 9.0 | Critical | 2025-06-25 |
| CVE-2025-0966 | IBM InfoSphere Information Server SQL injection | InfoSphere Information Server | CWE-89 | 7.6 | High | 2025-06-25 |
| CVE-2025-36004 | IBM i privilege escalation | i | CWE-427 | 8.8 | High | 2025-06-25 |
| CVE-2025-3629 | IBM InfoSphere Information Server file manipulation | InfoSphere Information Server | CWE-282 | 4.3 | Medium | 2025-06-21 |
| CVE-2025-3221 | IBM InfoSphere Information Server denial of service | InfoSphere Information Server | CWE-770 | 7.5 | High | 2025-06-21 |
| CVE-2025-36016 | IBM Process Mining HTTP open redirect | Process Mining | CWE-601 | 6.8 | Medium | 2025-06-21 |
| CVE-2025-3319 | IBM Spectrum Protect Server authentication bypass | Spectrum Protect Server | CWE-306 | 8.1 | High | 2025-06-20 |
| CVE-2025-33117 | IBM QRadar SIEM command execution | QRadar SIEM | CWE-73 | 9.1 | Critical | 2025-06-19 |
| CVE-2025-33121 | IBM QRadar SIEM XML external entity injection | QRadar SIEM | CWE-611 | 7.1 | High | 2025-06-19 |
| CVE-2025-36050 | IBM QRadar SIEM information disclosure | QRadar SIEM | CWE-532 | 6.2 | Medium | 2025-06-19 |
| CVE-2025-1349 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting | Sterling B2B Integrator | CWE-79 | 5.5 | Medium | 2025-06-18 |
| CVE-2025-1348 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure | Sterling B2B Integrator | CWE-525 | 4.0 | Medium | 2025-06-18 |
| CVE-2024-54172 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery | Sterling B2B Integrator | CWE-352 | 4.3 | Medium | 2025-06-18 |
| CVE-2025-36049 | IBM webMethods Integration Server XML external entity injection | webMethods Integration Server | CWE-611 | 8.8 | High | 2025-06-18 |
| CVE-2025-36048 | IBM webMethods Integration Server code execution | webMethods Integration Server | CWE-250 | 7.2 | High | 2025-06-18 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.