Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2024-45654 IBM Security ReaQta improper input validation — Security ReaQtaCWE-807 4.3 Medium2025-01-19
CVE-2024-45662 IBM Safer Payments denial of service — Safer PaymentsCWE-770 7.5 High2025-01-18
CVE-2024-47106 IBM Jazz for Service Management information disclosure — Jazz for Service ManagementCWE-552 5.3 Medium2025-01-18
CVE-2024-47113 IBM ICP - Voice Gateway XML injection — Voice GatewayCWE-91 8.1 High2025-01-18
CVE-2024-49354 IBM Concert information disclosure — Concert SoftwareCWE-213 5.3 Medium2025-01-18
CVE-2024-49824 IBM Robotic Process Automation security bypass — Robotic Process AutomationCWE-602 6.5 Medium2025-01-18
CVE-2024-51448 IBM Robotic Process Automation privilege escalation — Robotic Process AutomationCWE-277 6.7 Medium2025-01-18
CVE-2024-49338 IBM App Connect Enterprise information disclosure — App Connect EnterpriseCWE-1323 4.4 Medium2025-01-18
CVE-2024-51462 IBM QRadar WinCollect Agent data manipulation — QRadar WinCollect AgentCWE-471 4.0 Medium2025-01-17
CVE-2024-52363 IBM InfoSphere Information Server directory traversal — InfoSphere Information ServerCWE-22 6.5 Medium2025-01-17
CVE-2024-41746 IBM CICS TX cross-site scripting — CICS TX AdvancedCWE-79 7.2 High2025-01-16
CVE-2024-52898 IBM MQ information disclosure — MQCWE-209 6.2 Medium2025-01-14
CVE-2024-51456 IBM Robotic Process Automation information disclosure — Robotic Process AutomationCWE-780 5.9 Medium2025-01-12
CVE-2021-29669 IBM Jazz Foundation cross-site scripting — Jazz FoundationCWE-79 5.4 Medium2025-01-12
CVE-2024-49785 IBM watsonx.ai cross-site scripting — watsonx.aiCWE-79 5.4 Medium2025-01-12
CVE-2024-41787 IBM Engineering Requirements Management DOORS Next code execution — Engineering Requirements Management DOORS NextCWE-367 9.8 Critical2025-01-10
CVE-2022-22491 IBM App Connect Enterprise Certified Container denial of service — App Connect Enterprise Certified ContainerCWE-770 5.5 Medium2025-01-09
CVE-2024-43176 IBM OpenPages information disclosure — OpenPagesCWE-282 5.4 Medium2025-01-09
CVE-2024-40679 IBM Db2 information disclosure — Db2CWE-532 5.5 Medium2025-01-08
CVE-2022-22363 IBM Cognos Controller information disclosure — ControllerCWE-209 4.3 Medium2025-01-07
CVE-2021-20455 IBM Cognos Controller information disclosure — ControllerCWE-209 3.7 Low2025-01-07
CVE-2024-40702 IBM Cognos Controller improper certificate validation — ControllerCWE-295 8.2 High2025-01-07
CVE-2024-28778 IBM Cognos Controller information disclosure — ControllerCWE-798 6.5 Medium2025-01-07
CVE-2024-25037 IBM Cognos Controller information disclosure — ControllerCWE-209 4.3 Medium2025-01-07
CVE-2024-45100 IBM Security QRadar EDR denial of service — Security QRadar EDRCWE-770 4.9 Medium2025-01-07
CVE-2024-45640 IBM Security QRadar EDR information disclosure — Security QRadar EDRCWE-497 5.3 Medium2025-01-07
CVE-2024-52893 IBM Concert Software information disclosure — Concert SoftwareCWE-209 5.3 Medium2025-01-07
CVE-2024-52366 IBM Concert Software information disclosure — Concert SoftwareCWE-327 5.9 Medium2025-01-07
CVE-2024-52891 IBM Concert Software log manipulation — Concert SoftwareCWE-117 5.4 Medium2025-01-07
CVE-2024-52367 IBM Concert Software information disclosure — Concert SoftwareCWE-497 5.3 Medium2025-01-07

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.