Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-1838 IBM Cloud Pak for Business Automation denial of service — Cloud Pak for Business AutomationCWE-602 6.5 Medium2025-05-03
CVE-2025-1495 IBM Business Automation Workflow missing authentication — IBM Business Automation WorkflowCWE-306 4.3 Medium2025-05-03
CVE-2024-41753 IBM Cloud Pak for Business Automation cross-site scripting — Cloud Pak for Business AutomationCWE-79 6.1 Medium2025-05-03
CVE-2024-55910 IBM Concert Software server-side request forgery — Concert SoftwareCWE-918 6.5 Medium2025-05-02
CVE-2024-55913 IBM Concert Software path traversal — Concert SoftwareCWE-22 5.3 Medium2025-05-02
CVE-2024-55912 IBM Concert Software information disclosure — Concert SoftwareCWE-327 5.9 Medium2025-05-02
CVE-2024-55909 IBM Concert Software denial of service — Concert SoftwareCWE-409 6.5 Medium2025-05-02
CVE-2024-52903 IBM Db2 denial of service — Db2 for Linux, UNIX and WindowsCWE-248 5.3 Medium2025-05-01
CVE-2025-1333 IBM MQ Operator information disclosure — MQ OperatorCWE-214 6.0 Medium2025-05-01
CVE-2025-27365 IBM MQ Operator denial of service — MQ OperatorCWE-416 6.5 Medium2025-05-01
CVE-2025-1551 IBM Operational Decision Manager cross-site scripting — Operational Decision ManagerCWE-79 6.1 Medium2025-04-29
CVE-2025-2986 IBM Maximo Asset Management cross-site scripting — Maximo Asset ManagementCWE-79 5.5 Medium2025-04-25
CVE-2025-25046 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-319 3.7 Low2025-04-23
CVE-2025-25045 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-209 4.3 Medium2025-04-23
CVE-2024-22351 IBM InfoSphere Information Server session fixation — InfoSphere Information ServerCWE-613 6.3 Medium2025-04-23
CVE-2025-27907 IBM WebSphere Application Server server-side request forgery — WebSphere Application ServerCWE-918 4.1 Medium2025-04-22
CVE-2025-1951 IBM Hardware Management Console - Power Systems command execution — Hardware Management Console - Power SystemsCWE-250 8.4 High2025-04-22
CVE-2025-1950 IBM Hardware Management Console - Power Systems command execution — Hardware Management Console - Power SystemsCWE-114 9.3 Critical2025-04-22
CVE-2025-2987 IBM Maximo Asset Management server-side request forgery — Maximo Asset ManagementCWE-918 3.8 Low2025-04-21
CVE-2025-2950 IBM i improper HTTP header neutralization — iCWE-644 5.4 Medium2025-04-18
CVE-2024-45651 IBM Sterling Connect:Direct Web Services session fixation — Sterling Connect:Direct Web ServicesCWE-613 6.3 Medium2025-04-18
CVE-2024-49808 IBM Sterling Connect:Direct Web Services improper authorization — Sterling Connect:Direct Web ServicesCWE-863 6.3 Medium2025-04-18
CVE-2025-2947 IBM i privilege escalation — iCWE-278 7.2 High2025-04-17
CVE-2024-22314 IBM Storage Defender - Resiliency Service information disclosure — Storage Defender - Resiliency ServiceCWE-327 5.9 Medium2025-04-16
CVE-2022-43850 IBM Aspera Console cross-site scripting — Aspera ConsoleCWE-79 5.4 Medium2025-04-14
CVE-2022-43840 IBM Aspera Console XPath injection — Aspera ConsoleCWE-643 4.3 Medium2025-04-14
CVE-2022-43851 IBM Aspera Console information disclosure — Aspera ConsoleCWE-327 5.9 Medium2025-04-14
CVE-2023-27272 IBM Aspera Console weak password requirements — Aspera ConsoleCWE-521 3.1 Low2025-04-14
CVE-2022-43852 IBM Aspera Console information disclosure — Aspera ConsoleCWE-497 5.3 Medium2025-04-14
CVE-2022-43847 IBM Aspera Console HTTP header injection — Aspera ConsoleCWE-644 5.4 Medium2025-04-14

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.