
IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-51472 | IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection | DevOps Deploy | CWE-80 | 3.1 | Low | 2025-01-06 |
| CVE-2024-31914 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator Standard Edition | CWE-79 | 6.4 | Medium | 2025-01-06 |
| CVE-2024-31913 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator Standard Edition | CWE-79 | 5.5 | Medium | 2025-01-06 |
| CVE-2024-41763 | IBM Engineering Lifecycle Optimization - Publishing information disclosure | Engineering Lifecycle Optimization Publishing | CWE-327 | 5.9 | Medium | 2025-01-04 |
| CVE-2024-41766 | IBM Engineering Lifecycle Optimization - Publishing denial of service | Engineering Lifecycle Optimization Publishing | CWE-1333 | 7.5 | High | 2025-01-04 |
| CVE-2024-41765 | IBM Engineering Lifecycle Optimization - Publishing directory traversal | Engineering Lifecycle Optimization Publishing | CWE-22 | 6.5 | Medium | 2025-01-04 |
| CVE-2024-41767 | IBM Engineering Lifecycle Optimization - Publishing SQL injection | Engineering Lifecycle Optimization Publishing | CWE-89 | 7.3 | High | 2025-01-04 |
| CVE-2024-41768 | IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception | Engineering Lifecycle Optimization Publishing | CWE-544 | 6.5 | Medium | 2025-01-04 |
| CVE-2024-55897 | IBM PowerHA SystemMirror for i information disclosure | i | | 4.3 | Medium | 2025-01-03 |
| CVE-2024-55896 | IBM PowerHA SystemMirror for i clickjacking | i | CWE-451 | 5.4 | Medium | 2025-01-03 |
| CVE-2024-41780 | IBM Jazz Foundation information disclosure | Jazz Foundation | CWE-359 | 4.2 | Medium | 2025-01-03 |
| CVE-2024-5591 | IBM Jazz Foundation information disclosure | Jazz Foundation | CWE-209 | 4.3 | Medium | 2025-01-03 |
| CVE-2024-54181 | IBM WebSphere Automation command injection | WebSphere Automation | CWE-78 | 7.2 | High | 2024-12-30 |
| CVE-2024-52906 | IBM AIX denial of service | AIX | CWE-362 | 5.5 | Medium | 2024-12-25 |
| CVE-2024-47102 | IBM AIX denial of service | AIX | CWE-863 | 5.5 | Medium | 2024-12-25 |
| CVE-2024-39727 | IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing | Engineering Insights | CWE-1022 | 6.1 | Medium | 2024-12-25 |
| CVE-2024-39725 | IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure | Engineering Insights | CWE-209 | 5.3 | Medium | 2024-12-25 |
| CVE-2024-51463 | IBM i server-side request forgery | i | CWE-918 | 5.4 | Medium | 2024-12-21 |
| CVE-2024-51464 | IBM i authentication bypass | i | CWE-288 | 4.3 | Medium | 2024-12-21 |
| CVE-2024-28767 | IBM Security Directory Integrator command execution | Security Directory Integrator | CWE-78 | 6.8 | Medium | 2024-12-20 |
| CVE-2024-40695 | IBM Cognos Analytics file upload | Cognos Analytics | CWE-434 | 8.0 | High | 2024-12-20 |
| CVE-2024-51466 | IBM Cognos Analytics expression language injection | Cognos Analytics | CWE-917 | 9.0 | Critical | 2024-12-20 |
| CVE-2024-49336 | IBM Security Guardium server-side request forgery | Security Guardium | CWE-918 | 6.5 | Medium | 2024-12-19 |
| CVE-2024-52897 | IBM MQ information disclosure | MQ | CWE-209 | 6.2 | Medium | 2024-12-19 |
| CVE-2024-51471 | IBM MQ Appliance denial of service | MQ Appliance | CWE-125 | 5.3 | Medium | 2024-12-19 |
| CVE-2024-52896 | IBM MQ information disclosure | MQ | CWE-209 | 6.2 | Medium | 2024-12-19 |
| CVE-2024-35141 | IBM Security Verify Access privilege escalation | Security Verify Access Docker | CWE-250 | 7.8 | High | 2024-12-19 |
| CVE-2023-30443 | IBM Db2 denial of service | Db2 for Linux, UNIX and Windows | CWE-770 | 5.3 | Medium | 2024-12-19 |
| CVE-2022-33954 | IBM Robotic Process Automation information disclosure | Robotic Process Automation | CWE-522 | 4.6 | Medium | 2024-12-19 |
| CVE-2021-39081 | IBM Cognos Analytics Mobile information disclosure | Cognos Analytics Mobile for Android | CWE-319 | 5.9 | Medium | 2024-12-19 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.