IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-36422 | IBM InfoSphere Information Server is vulnerable to cross-site request forgery — InfoSphere Information Server CWE-352 | 4.3 | Medium | 2026-03-25 |
| CVE-2025-36258 | IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password — InfoSphere Information Server CWE-256 | 7.1 | High | 2026-03-25 |
| CVE-2026-2485 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server CWE-79 | 4.8 | Medium | 2026-03-25 |
| CVE-2025-14974 | IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference — InfoSphere Information Server CWE-639 | 5.7 | Medium | 2026-03-25 |
| CVE-2026-1262 | IBM InfoSphere Information Server Information Disclosure — InfoSphere Information Server CWE-209 | 4.3 | Medium | 2026-03-25 |
| CVE-2025-14917 | IBM WebSphere Application Server Liberty could provide weaker than expected security — WebSphere Application Server - Liberty CWE-1393 | 6.7 | Medium | 2026-03-25 |
| CVE-2025-14912 | IBM InfoSphere Information Server is vulnerable to server-side request forgery — InfoSphere Information Server CWE-918 | 5.4 | Medium | 2026-03-25 |
| CVE-2025-14915 | IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability — WebSphere Application Server - Liberty CWE-200 | 6.5 | Medium | 2026-03-25 |
| CVE-2025-14810 | IBM InfoSphere Information Server is vulnerable due to insufficient session expiration — InfoSphere Information Server CWE-613 | 6.3 | Medium | 2026-03-25 |
| CVE-2026-1561 | IBM WebSphere Application Server Liberty Server-Side Request Forgery — WebSphere Application Server Liberty CWE-918 | 5.4 | Medium | 2026-03-25 |
| CVE-2025-14808 | IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information — InfoSphere Information Server CWE-598 | 3.1 | Low | 2026-03-25 |
| CVE-2025-14790 | IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information — InfoSphere Information Server CWE-522 | 6.5 | Medium | 2026-03-25 |
| CVE-2025-12708 | Multiple Vulnerabilities in IBM Concert Software — Concert CWE-798 | 6.2 | Medium | 2026-03-25 |
| CVE-2025-36051 | IBM QRadar SIEM Information Disclosure — QRadar SIEM CWE-538 | 6.2 | Medium | 2026-03-19 |
| CVE-2025-13995 | IBM QRadar SIEM Information Disclosure — QRadar CWE-1286 | 5.0 | Medium | 2026-03-19 |
| CVE-2025-15051 | IBM QRadar SIEM Cross-Site Scripting — QRadar SIEM CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-1276 | IBM QRadar SIEM Cross-Site Scripting — QRadar SIEM CWE-79 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-1264 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls — Sterling B2B Integrator CWE-306 | 7.1 | High | 2026-03-17 |
| CVE-2025-14031 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service — Sterling B2B Integrator CWE-77 | 7.5 | High | 2026-03-17 |
| CVE-2026-3856 | IBM Db2 Recovery Expert Missing Integrity Check — Db2 Recovery Expert CWE-353 | 5.3 | Medium | 2026-03-17 |
| CVE-2026-1376 | IBM i Denial of Service — i CWE-770 | 7.5 | High | 2026-03-17 |
| CVE-2026-1267 | IBM Planning Analytics Information Disclosure — Planning Analytics Local CWE-200 | 6.5 | Medium | 2026-03-17 |
| CVE-2025-14806 | IBM Planning Analytics Information Disclosure — Planning Analytics Local CWE-524 | 5.7 | Medium | 2026-03-17 |
| CVE-2026-0977 | IBM CICS Transaction Gateway for Multiplatforms Information Disclosure — CICS Transaction Gateway for Multiplatforms CWE-284 | 5.1 | Medium | 2026-03-13 |
| CVE-2025-13212 | IBM Aspera Console Denial of Service — Aspera Console CWE-799 | 5.3 | Medium | 2026-03-13 |
| CVE-2025-13459 | IBM Aspera Console Denial of Service — Aspera Console CWE-841 | 2.7 | Low | 2026-03-13 |
| CVE-2025-13460 | IBM Aspera Console Information Disclosure — Aspera Console CWE-204 | 5.3 | Medium | 2026-03-13 |
| CVE-2025-36368 | IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection — Sterling B2B Integrator CWE-89 | 6.5 | Medium | 2026-03-13 |
| CVE-2023-40693 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting — Sterling B2B Integrator CWE-79 | 5.4 | Medium | 2026-03-13 |
| CVE-2025-14483 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure — Sterling B2B Integrator CWE-201 | 4.3 | Medium | 2026-03-13 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.