IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-28777 | IBM Cognos Controller code execution | Cognos Controller | CWE-502 | 8.8 | High | 2025-02-19 |
| CVE-2024-28776 | IBM Cognos Controller cross-site scripting | Cognos Controller | CWE-79 | 5.4 | Medium | 2025-02-19 |
| CVE-2024-28780 | IBM Cognos Controller information disclosure | Cognos Controller | CWE-327 | 5.9 | Medium | 2025-02-19 |
| CVE-2024-45081 | IBM Cognos Controller incorrect authorization | Cognos Controller | CWE-863 | 6.5 | Medium | 2025-02-19 |
| CVE-2024-45084 | IBM Cognos Controller CSV injection | Cognos Controller | CWE-1236 | 8.0 | High | 2025-02-19 |
| CVE-2024-52902 | IBM Cognos Controller information disclosure | Cognos Controller | CWE-798 | 8.8 | High | 2025-02-19 |
| CVE-2024-56463 | IBM QRadar SIEM cross-site scripting | QRadar SIEM | CWE-79 | 4.8 | Medium | 2025-02-14 |
| CVE-2024-56477 | IBM Power Hardware Management Console directory traversal | Power Hardware Management Console | CWE-22 | 6.5 | Medium | 2025-02-14 |
| CVE-2024-52895 | IBM i denial of service | i | CWE-754 | 6.5 | Medium | 2025-02-14 |
| CVE-2024-55904 | IBM DevOps Deploy / IBM UrbanCode Deploy command injection | UrbanCode Deploy | CWE-78 | 7.2 | High | 2025-02-14 |
| CVE-2024-54176 | IBM UrbanCode Deploy missing authentication | UrbanCode Deploy | CWE-306 | 4.3 | Medium | 2025-02-08 |
| CVE-2025-0158 | IBM EntireX denial of service | EntireX | CWE-248 | 5.5 | Medium | 2025-02-06 |
| CVE-2024-56467 | IBM EntireX information disclosure | EntireX | CWE-209 | 3.3 | Low | 2025-02-06 |
| CVE-2024-54171 | IBM EntireX XML external entity injection | EntireX | CWE-611 | 7.1 | High | 2025-02-06 |
| CVE-2024-52892 | IBM Jazz for Service Management Cross-Site Scripting | Jazz for Service Management | CWE-79 | 6.1 | Medium | 2025-02-06 |
| CVE-2025-0799 | IBM App Connect Enterprise Arbitrary File Write | IBM App Connect Enterprise | CWE-22 | 6.5 | Medium | 2025-02-06 |
| CVE-2024-51450 | IBM Security Verify Directory Command Execution | Security Verify Directory | CWE-78 | 9.1 | Critical | 2025-02-06 |
| CVE-2024-49814 | IBM Security Verify Access Appliance Privilege Escalation | Security Verify Access Appliance | CWE-250 | 7.8 | High | 2025-02-06 |
| CVE-2024-49800 | IBM ApplinX Information Disclosure | ApplinX | CWE-316 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-49798 | IBM ApplinX Information Disclosure | ApplinX | CWE-209 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-49797 | IBM ApplinX Information Disclosure | ApplinX | CWE-327 | 5.9 | Medium | 2025-02-05 |
| CVE-2024-49796 | IBM ApplinX Clickjacking | ApplinX | CWE-1021 | 5.4 | Medium | 2025-02-05 |
| CVE-2024-49795 | IBM ApplinX Cross-Site Request Forgery | ApplinX | CWE-352 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-49794 | IBM ApplinX Cross-Site Request Forgery | ApplinX | CWE-352 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-49793 | IBM ApplinX Cross-Site Scripting | ApplinX | CWE-79 | 5.4 | Medium | 2025-02-05 |
| CVE-2024-49792 | IBM ApplinX Cross-Site Scripting | ApplinX | CWE-79 | 5.4 | Medium | 2025-02-05 |
| CVE-2024-49791 | IBM ApplinX Cross-Site Scripting | ApplinX | CWE-79 | 6.4 | Medium | 2025-02-05 |
| CVE-2024-56473 | IBM Aspera Shares Data Manipulation | Aspera Shares | CWE-117 | 5.3 | Medium | 2025-02-05 |
| CVE-2024-56472 | IBM Aspera Shares Cross-Site Scripting | Aspera Shares | CWE-79 | 6.4 | Medium | 2025-02-05 |
| CVE-2024-56471 | IBM Aspera Shares Server-Side Request Forgery | Aspera Shares | CWE-918 | 5.4 | Medium | 2025-02-05 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.