Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-3357 IBM Tivoli Monitoring code execution — Tivoli MonitoringCWE-1285 9.8 Critical2025-05-28
CVE-2025-25029 IBM Security Guardium information disclosure — Security GuardiumCWE-116 4.9 Medium2025-05-28
CVE-2025-25026 IBM Security Guardium information disclosure — Security GuardiumCWE-863 4.3 Medium2025-05-28
CVE-2025-25025 IBM Security Guardium information disclosure — Security GuardiumCWE-209 4.3 Medium2025-05-28
CVE-2024-45094 IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting — Hardware Management ConsoleCWE-79 5.5 Medium2025-05-27
CVE-2025-33079 IBM Controller information disclosure — ControllerCWE-256 6.5 Medium2025-05-27
CVE-2025-33138 IBM Aspera Faspex HTML injection — Aspera FaspexCWE-80 5.4 Medium2025-05-22
CVE-2025-33137 IBM Aspera Faspex data modification — Aspera FaspexCWE-602 7.1 High2025-05-22
CVE-2025-33136 IBM Aspera Faspex data modification — Aspera FaspexCWE-471 7.1 High2025-05-22
CVE-2024-45641 IBM Security ReaQta improper certificate validation — Security ReaQta EDRCWE-295 6.5 Medium2025-05-20
CVE-2023-33861 IBM Security ReaQta improper certificate validation — Security ReaQta EDRCWE-295 6.5 Medium2025-05-20
CVE-2025-33103 IBM i privilege escalation — iCWE-250 8.5 High2025-05-17
CVE-2024-51475 IBM Content Navigator HTML injection — Content NavigatorCWE-80 5.4 Medium2025-05-16
CVE-2025-1138 IBM Information Server information disclosure — InfoSphere Information ServerCWE-548 4.3 Medium2025-05-15
CVE-2025-3440 IBM Security Guardium cross-site scripting — Security GuardiumCWE-79 5.5 Medium2025-05-15
CVE-2025-33104 IBM WebSphere Application Server cross — WebSphere Application ServerCWE-79 4.4 Medium2025-05-14
CVE-2025-2900 IBM Semeru Runtime denial of service — Semeru RuntimeCWE-122 7.5 High2025-05-14
CVE-2025-3632 IBM 4769 Developers Toolkit denial of service — 4769 Developers ToolkitCWE-789 7.5 High2025-05-12
CVE-2025-1137 IBM Storage Scale command injection — Storage ScaleCWE-250 7.5 High2025-05-10
CVE-2025-1993 IBM App Connect Enterprise Certified Container information disclosure — App Connect Enterprise Certified ContainerCWE-521 5.1 Medium2025-05-09
CVE-2025-1331 IBM CICS TX code execution — CICS TX StandardCWE-242 7.8 High2025-05-08
CVE-2025-1330 IBM CICS TX code execution — CICS TX StandardCWE-787 7.8 High2025-05-08
CVE-2025-1329 IBM CICS TX code execution — CICS TX StandardCWE-787 7.8 High2025-05-08
CVE-2025-33093 IBM Sterling Partner Engagement Manager information disclosure — Sterling Partner Engagement ManagerCWE-260 7.5 High2025-05-07
CVE-2025-3218 IBM i improper certificate validation — iCWE-295 5.4 Medium2025-05-07
CVE-2025-2898 IBM Maximo Application Suite privilege escalation — Maximo Application SuiteCWE-266 7.5 High2025-05-06
CVE-2025-1493 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-362 5.3 Medium2025-05-05
CVE-2025-0915 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-770 5.3 Medium2025-05-05
CVE-2025-1000 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-770 5.3 Medium2025-05-05
CVE-2025-1992 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-401 5.3 Medium2025-05-05

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.