Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2024-54183 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting — Sterling B2B IntegratorCWE-79 5.4 Medium2025-06-18
CVE-2025-33122 IBM i privilege escalation — iCWE-427 7.5 High2025-06-17
CVE-2025-36041 IBM MQ improper certificate validation — MQ OperatorCWE-295 4.7 Medium2025-06-15
CVE-2025-1411 IBM Security Verify Directory Container command execution — Security Verify DirectoryCWE-250 7.8 High2025-06-15
CVE-2025-33108 IBM Backup Recovery and Media Services for i code execution — Backup Recovery and Media Services for iCWE-250 8.5 High2025-06-14
CVE-2025-0923 IBM Cognos Analytics information disclosure — Cognos AnalyticsCWE-540 5.3 Medium2025-06-11
CVE-2025-0917 IBM Cognos Analytics cross-site scripting — Cognos AnalyticsCWE-79 5.5 Medium2025-06-11
CVE-2025-25032 IBM Cognos Analytics denial of service — Cognos AnalyticsCWE-770 7.5 High2025-06-11
CVE-2025-3473 IBM Security Guardium privilege escalation — Security GuardiumCWE-277 6.7 Medium2025-06-11
CVE-2025-0163 IBM Security Verify Access information disclosure — Security Verify AccessCWE-204 5.3 Medium2025-06-11
CVE-2025-33112 IBM AIX command execution — AIXCWE-23 8.4 High2025-06-10
CVE-2024-56343 IBM Verify Identity Access Digital Credentials denial of service — Verify Identity Access Digital CredentialsCWE-771 4.3 Medium2025-06-06
CVE-2024-56342 IBM Verify Identity Access Digital Credentials information disclosure — Verify Identity Access Digital CredentialsCWE-209 4.3 Medium2025-06-06
CVE-2024-22330 IBM Security Verify Governance information disclosure — Security Verify GovernanceCWE-521 5.9 Medium2025-06-06
CVE-2025-25020 IBM QRadar Suite Software and IBM Cloud Pak for Security improper input validation — QRadar Suite SoftwareCWE-1287 6.5 Medium2025-06-03
CVE-2025-1334 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure — QRadar Suite SoftwareCWE-525 4.0 Medium2025-06-03
CVE-2025-25021 IBM QRadar Suite Software and IBM Cloud Pak for Security code injection — QRadar Suite SoftwareCWE-94 7.2 High2025-06-03
CVE-2025-25022 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure — QRadar Suite SoftwareCWE-260 9.6 Critical2025-06-03
CVE-2025-25019 IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation — QRadar Suite SoftwareCWE-613 4.8 Medium2025-06-03
CVE-2024-45655 IBM Application Gateway incorrect permission assignment — Application GatewayCWE-732 5.5 Medium2025-06-03
CVE-2025-33005 IBM Planning Analytics Local session fixation — Planning Analytics LocalCWE-613 6.3 Medium2025-06-01
CVE-2025-33004 IBM Planning Analytics Local path traversal — Planning Analytics LocalCWE-22 6.5 Medium2025-06-01
CVE-2025-2896 IBM Planning Analytics Local cross-site scripting — Planning Analytics LocalCWE-79 4.8 Medium2025-06-01
CVE-2025-25044 IBM Planning Analytics Local cross-site scripting — Planning Analytics LocalCWE-79 5.4 Medium2025-06-01
CVE-2025-1499 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-312 6.5 Medium2025-06-01
CVE-2024-49350 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-121 6.5 Medium2025-05-29
CVE-2025-2518 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-789 5.3 Medium2025-05-29
CVE-2025-3050 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-770 5.3 Medium2025-05-29
CVE-2024-51453 IBM Sterling Secure Proxy directory traversal — Sterling Secure ProxyCWE-22 4.3 Medium2025-05-28
CVE-2024-38341 IBM Sterling Secure Proxy information disclosure — Sterling Secure ProxyCWE-328 5.9 Medium2025-05-28

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.