Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2024-49825 IBM Robotic Process Automation session fixation — Robotic Process AutomationCWE-613 6.3 Medium2025-04-14
CVE-2025-3423 IBM Aspera Faspex 5 cross-site scripting — Aspera FaspexCWE-79 5.4 Medium2025-04-13
CVE-2024-51461 IBM QRadar WinCollect Agent denial of service — QRadar WinCollect AgentCWE-770 4.3 Medium2025-04-11
CVE-2023-43035 IBM Sterling Control Center information disclosure — Sterling Control CenterCWE-525 4.0 Medium2025-04-10
CVE-2023-42007 IBM Sterling Control Center cross-site scripting — Sterling Control CenterCWE-79 5.4 Medium2025-04-10
CVE-2023-43037 IBM Maximo Application Suite improper access control — Maximo Application SuiteCWE-20 6.5 Medium2025-04-10
CVE-2025-25023 IBM Security Guardium information disclosure — Security GuardiumCWE-266 4.9 Medium2025-04-09
CVE-2023-33844 IBM Security Verify Governance cross-site scripting — Security Verify GovernanceCWE-79 5.4 Medium2025-04-09
CVE-2025-1095 IBM Personal Communications command execution — Personal CommunicationsCWE-420 8.8 High2025-04-08
CVE-2025-1500 IBM Maximo Application Suite file upload — Maximo Application SuiteCWE-434 5.5 Medium2025-04-05
CVE-2024-56476 IBM TXSeries for Multiplatforms information disclosure — TXSeries for MultiplatformsCWE-204 5.3 Medium2025-04-02
CVE-2024-56475 IBM TXSeries for Multiplatforms cross-site scripting — TXSeries for MultiplatformsCWE-79 5.4 Medium2025-04-02
CVE-2024-56474 IBM TXSeries for Multiplatforms cross-site request forgery — TXSeries for MultiplatformsCWE-352 4.3 Medium2025-04-02
CVE-2025-0154 IBM TXSeries for Multiplatforms information disclosure — TXSeries for MultiplatformsCWE-644 5.3 Medium2025-04-02
CVE-2024-56341 IBM Content Navigator cross-site scripting — Content NavigatorCWE-79 5.4 Medium2025-04-02
CVE-2024-25051 IBM Jazz Reporting Service insufficient session expiration — Jazz Reporting ServiceCWE-613 6.6 Medium2025-04-02
CVE-2024-55895 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-209 2.7 Low2025-03-29
CVE-2024-51477 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-203 4.3 Medium2025-03-28
CVE-2024-7577 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-532 4.4 Medium2025-03-28
CVE-2024-43186 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-256 5.3 Medium2025-03-28
CVE-2025-0986 IBM PowerVM Hypervisor data manipulation — PowerVM HypervisorCWE-409 4.5 Medium2025-03-28
CVE-2023-38272 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-300 5.9 Medium2025-03-27
CVE-2023-37405 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-311 6.5 Medium2025-03-27
CVE-2025-1998 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure — UrbanCode DeployCWE-532 5.5 Medium2025-03-27
CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection — UrbanCode DeployCWE-80 5.4 Medium2025-03-27
CVE-2024-56469 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication — UrbanCode DeployCWE-306 6.3 Medium2025-03-27
CVE-2022-39163 IBM Cognos Controller HTTP response smuggling — Cognos ControllerCWE-444 4.7 Medium2025-03-26
CVE-2024-31896 IBM SPSS Statistics information disclosure — SPSS StatisticsCWE-327 5.9 Medium2025-03-25
CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure — Storage Virtualize vSphere Remote Plug-inCWE-526 6.8 Medium2025-03-21
CVE-2024-51459 IBM InfoSphere Server Information command execution — InfoSphere Information ServerCWE-280 8.4 High2025-03-19

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.