Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2024-22315 IBM Fusion improper communication restriction — FusionCWE-923 4.0 Medium2025-01-28
CVE-2023-50316 IBM Sterling B2B Integrator information disclosure — Sterling B2B IntegratorCWE-89 6.3 Medium2025-01-28
CVE-2024-27263 IBM Sterling B2B Integrator information disclosure — Sterling B2B IntegratorCWE-300 5.3 Medium2025-01-28
CVE-2024-28786 IBM QRadar SIEM information disclosure — QRadar SIEMCWE-319 6.5 Medium2025-01-27
CVE-2024-37526 IBM Watson Query on Cloud Pak for Data information disclosure — Data VirtualizationCWE-497 6.5 Medium2025-01-27
CVE-2024-27256 IBM MQ Operator information disclosure — MQ OperatorCWE-327 5.9 Medium2025-01-27
CVE-2023-52292 IBM Sterling File Gateway cross-site scripting — Sterling File GatewayCWE-79 6.4 Medium2025-01-27
CVE-2023-47159 IBM Sterling File Gateway information disclosure — Sterling File GatewayCWE-204 4.3 Medium2025-01-27
CVE-2024-22316 IBM Sterling File Gateway improper access control — Sterling File GatewayCWE-863 4.3 Medium2025-01-27
CVE-2024-37527 IBM OpenPages with Watson cross-site scripting — OpenPages with WatsonCWE-79 5.4 Medium2025-01-27
CVE-2024-38320 IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure — Storage Protect for Virtual Environments: Data Protection for VMwareCWE-327 5.9 Medium2025-01-27
CVE-2024-38325 IBM Storage Defender information disclosure — Storage Defender - Resiliency ServiceCWE-311 5.9 Medium2025-01-27
CVE-2023-46187 IBM InfoSphere Master Data Management cross-site scripting — InfoSphere Master Data ManagementCWE-79 5.4 Medium2025-01-27
CVE-2024-28766 IBM Security Directory Integrator information disclosure — Security Directory IntegratorCWE-548 2.4 Low2025-01-27
CVE-2024-28770 IBM Security Directory Integrator information disclosure — Security Directory IntegratorCWE-614 4.8 Medium2025-01-27
CVE-2024-28771 IBM Security Directory Integrator information disclosure — Security Directory IntegratorCWE-614 4.8 Medium2025-01-27
CVE-2023-38009 IBM Cognos Analytics Mobile information disclosure — Cognos Analytics MobileCWE-295 4.2 Medium2025-01-26
CVE-2023-50946 IBM Common Licensing information disclosure — Common LicensingCWE-863 6.5 Medium2025-01-26
CVE-2023-50945 IBM Common Licensing information disclosure — Common LicensingCWE-256 6.2 Medium2025-01-26
CVE-2024-31906 IBM Automation Decision Services information disclosure — Automation Decision ServicesCWE-525 6.2 Medium2025-01-26
CVE-2024-35150 IBM Maximo Application Suite log manipulation — Maximo Application SuiteCWE-117 5.3 Medium2025-01-25
CVE-2024-35148 IBM Maximo Application Suite SQL injection — Maximo Application SuiteCWE-89 6.3 Medium2025-01-25
CVE-2024-35144 IBM Maximo Application Suite information disclosure — Maximo Application SuiteCWE-540 5.3 Medium2025-01-25
CVE-2024-35145 IBM Maximo Application Suite cross-site scripting — Maximo Application SuiteCWE-79 6.1 Medium2025-01-25
CVE-2024-35134 IBM Analytics Content Hub information disclosure — Analytics Content HubCWE-209 5.3 Medium2025-01-25
CVE-2024-39750 IBM Analytics Content Hub buffer overflow — Analytics Content HubCWE-120 8.8 High2025-01-25
CVE-2023-38271 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-532 4.3 Medium2025-01-25
CVE-2023-38713 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-209 5.3 Medium2025-01-25
CVE-2023-38714 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-209 5.3 Medium2025-01-25
CVE-2023-38013 IBM Cloud Pak System information disclosure — Cloud Pak SystemCWE-201 5.3 Medium2025-01-25

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.