IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-45099 | IBM Security ReaQta cross-site scripting — Security ReaQta | CWE-79 | 3.1 | Low | 2024-11-14 |
| CVE-2024-45670 | IBM Security SOAR weak password recovery mechanism — Security SOAR | CWE-640 | 5.6 | Medium | 2024-11-14 |
| CVE-2024-45087 | IBM WebSphere Application Server cross-site scripting — WebSphere Application Server | CWE-79 | 4.8 | Medium | 2024-11-11 |
| CVE-2024-45088 | IBM Maximo Asset Management cross-site scripting — Maximo Asset Management | CWE-79 | 6.4 | Medium | 2024-11-11 |
| CVE-2024-35146 | IBM Maximo Application Suite cross-site scripting — Maximo Application Suite | CWE-79 | 5.4 | Medium | 2024-11-06 |
| CVE-2024-45086 | IBM WebSphere Application Server XML external entity injection — WebSphere Application Server | CWE-611 | 5.5 | Medium | 2024-11-04 |
| CVE-2024-41744 | IBM CICS TX Standard cross-site request forgery — CICS TX Standard | | 6.5 | Medium | 2024-11-01 |
| CVE-2024-41745 | IBM CICS TX Standard cross-site scripting — CICS TX Standard | CWE-79 | 6.1 | Medium | 2024-11-01 |
| CVE-2024-41741 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | CWE-208 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-41738 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | CWE-598 | 5.9 | Medium | 2024-11-01 |
| CVE-2024-45656 | IBM Flexible Service Processor hard coded credentials — Flexible Service Processor | CWE-798 | 9.8 | Critical | 2024-10-29 |
| CVE-2024-38314 | IBM Maximo Application Suite - Monitor Component information disclosure — Maximo Application Suite - Monitor Component | CWE-321 | 5.9 | Medium | 2024-10-24 |
| CVE-2023-50310 | IBM CICS Transaction Gateway for Multiplatforms information disclosure — CICS Transaction Gateway for Multiplatforms | CWE-522 | 4.9 | Medium | 2024-10-23 |
| CVE-2024-31880 | IBM Db2 denial of service — Db2 for Linux, UNIX and Windows | CWE-770 | 5.3 | Medium | 2024-10-23 |
| CVE-2024-43177 | IBM Concert improper certificate validation — Concert | CWE-295 | 5.9 | Medium | 2024-10-22 |
| CVE-2024-43173 | IBM Concert information disclosure — Concert | CWE-1275 | 3.7 | Low | 2024-10-22 |
| CVE-2024-45071 | IBM WebSphere Application Server cross-site scripting — WebSphere Application Server | CWE-79 | 5.5 | Medium | 2024-10-16 |
| CVE-2024-45072 | IBM WebSphere Application Server XML external entity injection — WebSphere Application Server | CWE-611 | 5.5 | Medium | 2024-10-16 |
| CVE-2024-49340 | IBM Watson Studio Local cross-site request forgery — Watson Studio Local | CWE-352 | 4.3 | Medium | 2024-10-15 |
| CVE-2024-45085 | IBM WebSphere Application Server denial of service — WebSphere Application Server | CWE-754 | 5.9 | Medium | 2024-10-15 |
| CVE-2024-45073 | IBM WebSphere Application Server cross-site scripting — WebSphere Application Server | CWE-79 | 4.8 | Medium | 2024-09-30 |
| CVE-2024-43191 | IBM ManageIQ command execution — Cloud Pak for Multicloud Management | CWE-502 | 7.2 | High | 2024-09-26 |
| CVE-2024-31899 | IBM Cognos Command Center information disclosure — Cognos Command Center | CWE-256 | 4.3 | Medium | 2024-09-26 |
| CVE-2023-46175 | IBM Cloud Pak for Multicloud Management information disclosure — Cloud Pak for Multicloud Management | CWE-532 | 4.4 | Medium | 2024-09-26 |
| CVE-2024-38324 | IBM Storage Defender improper certificate validation — Storage Defender - Resiliency Service | CWE-297 | 5.9 | Medium | 2024-09-24 |
| CVE-2021-38963 | IBM Aspera Console CSV injection — Aspera Console | CWE-1236 | 8.0 | High | 2024-09-24 |
| CVE-2022-43845 | IBM Aspera Console information disclosure — Aspera Console | CWE-1004 | 3.7 | Low | 2024-09-24 |
| CVE-2024-40703 | IBM Cognos Analytics information disclosure — Cognos Analytics | CWE-522 | 5.5 | Medium | 2024-09-22 |
| CVE-2024-43188 | IBM Business Automation Workflow improper input validation — Business Automation Workflow | CWE-602 | 4.9 | Medium | 2024-09-18 |
| CVE-2024-38315 | IBM Aspera Shares session fixation — Aspera Shares | CWE-613 | 6.3 | Medium | 2024-09-16 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.