IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-56470 | IBM Aspera Shares Server-Side Request Forgery | Aspera Shares | CWE-918 | 5.4 | Medium | 2025-02-05 |
| CVE-2024-38318 | IBM Aspera Shares HTML injection | Aspera Shares | CWE-80 | 4.8 | Medium | 2025-02-05 |
| CVE-2024-38317 | IBM Aspera Shares Cross-Site Scripting | Aspera Shares | CWE-79 | 4.8 | Medium | 2025-02-05 |
| CVE-2024-38316 | IBM Aspera Shares Denial of Service | Aspera Shares | CWE-770 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-49348 | IBM Cloud Pak for Business Automation incorrect privilege assignment | Cloud Pak for Business Automation | CWE-266 | 4.3 | Medium | 2025-02-05 |
| CVE-2024-52365 | IBM Cloud Pak for Business Automation cross-site scripting | Cloud Pak for Business Automation | CWE-79 | 6.4 | Medium | 2025-02-05 |
| CVE-2024-52364 | IBM Cloud Pak for Business Automation cross-site scripting | Cloud Pak for Business Automation | CWE-79 | 5.4 | Medium | 2025-02-05 |
| CVE-2024-49352 | IBM Cognos Analytics XML external entity injection | Cognos Analytics | CWE-611 | 7.1 | High | 2025-02-05 |
| CVE-2024-45657 | IBM Security Verify Access incorrect privilege assignment | Security Verify Access Appliance | CWE-732 | 5.0 | Medium | 2025-02-04 |
| CVE-2024-35138 | IBM Security Verify Access cross-site request forgery | Security Verify Access Appliance | CWE-352 | 6.5 | Medium | 2025-02-04 |
| CVE-2024-43187 | IBM Security Verify Access information disclosure | Security Verify Access Appliance | CWE-319 | 5.9 | Medium | 2025-02-04 |
| CVE-2024-45658 | IBM Security Verify Access information disclosure | Security Verify Access Appliance | CWE-209 | 2.7 | Low | 2025-02-04 |
| CVE-2024-40700 | IBM Security Verify Access cross-site scripting | Security Verify Access Appliance | CWE-79 | 6.1 | Medium | 2025-02-04 |
| CVE-2024-45659 | IBM Security Verify Access information disclosure | Security Verify Access Appliance | CWE-209 | 5.3 | Medium | 2025-02-04 |
| CVE-2024-49349 | IBM Financial Transaction Manager cross-site scripting | Financial Transaction Manager for SWIFT Services for Multiplatforms | CWE-79 | 6.1 | Medium | 2025-01-31 |
| CVE-2024-49339 | IBM Financial Transaction Manager cross-site scripting | Financial Transaction Manager for SWIFT Services for Multiplatforms | CWE-79 | 6.4 | Medium | 2025-01-31 |
| CVE-2024-47116 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 5.4 | Medium | 2025-01-31 |
| CVE-2024-45089 | IBM Sterling B2B Integrator information disclosure | Sterling B2B Integrator | CWE-203 | 4.3 | Medium | 2025-01-31 |
| CVE-2024-49807 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 6.4 | Medium | 2025-01-31 |
| CVE-2024-40696 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 4.8 | Medium | 2025-01-31 |
| CVE-2024-47103 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 4.8 | Medium | 2025-01-31 |
| CVE-2023-38739 | IBM Sterling B2B Integrator cross-site request forgery | Sterling B2B Integrator | CWE-352 | 4.3 | Medium | 2025-01-31 |
| CVE-2024-45650 | IBM Security Verify Directory denial of service | Security Verify Directory | CWE-754 | 7.5 | High | 2025-01-31 |
| CVE-2022-43916 | IBM App Connect Enterprise Certified Container improper communications restriction | App Connect Enterprise Certified Container | CWE-923 | 6.8 | Medium | 2025-01-30 |
| CVE-2023-35907 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-521 | 5.9 | Medium | 2025-01-29 |
| CVE-2023-37413 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-204 | 5.3 | Medium | 2025-01-29 |
| CVE-2023-37398 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-521 | 5.9 | Medium | 2025-01-29 |
| CVE-2023-37412 | IBM Aspera Faspex improper access control | Aspera Faspex | CWE-250 | 4.4 | Medium | 2025-01-29 |
| CVE-2023-33838 | IBM Security Verify Governance information disclosure | Security Verify Governance | CWE-759 | 4.4 | Medium | 2025-01-29 |
| CVE-2023-35017 | IBM Security Verify Governance information | Security Verify Governance | CWE-319 | 5.9 | Medium | 2025-01-29 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.