IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-50314 | IBM WebSphere Application Server Liberty information disclosure — WebSphere Application Liberty CWE-295 | 5.3 | Medium | 2024-08-14 |
| CVE-2023-50315 | IBM WebSphere Application Server information disclosure — WebSphere Application Server CWE-295 | 5.3 | Medium | 2024-08-14 |
| CVE-2024-27267 | IBM SDK, Java Technology Edition denial of service — SDK, Java Technology Edition CWE-362 | 5.9 | Medium | 2024-08-14 |
| CVE-2024-28799 | IBM QRadar Suite Software information disclosure — QRadar Suite Software CWE-214 | 5.6 | Medium | 2024-08-14 |
| CVE-2024-35124 | IBM OpenBMC authentication bypass — OpenBMC CWE-288 | 7.5 | High | 2024-08-13 |
| CVE-2024-41774 | IBM Common Licensing cross-site scripting — Common Licensing CWE-79 | 4.8 | Medium | 2024-08-13 |
| CVE-2024-40697 | IBM Common Licensing information disclosure — Common Licensing CWE-521 | 7.5 | High | 2024-08-13 |
| CVE-2022-38382 | IBM Cloud Pak for Security session fixation — QRadar Suite Software CWE-613 | 4.7 | Medium | 2024-08-13 |
| CVE-2023-38018 | IBM Aspera Shares session fixation — Aspera Shares CWE-384 | 6.3 | Medium | 2024-08-09 |
| CVE-2024-39751 | IBM InfoSphere Information Server information disclosure — InfoSphere Information Server CWE-209 | 4.3 | Medium | 2024-08-06 |
| CVE-2024-35143 | IBM Planning Analytics Local missing authentication — Planning Analytics Local CWE-306 | 6.7 | Medium | 2024-08-04 |
| CVE-2024-38321 | IBM Business Automation Workflow information disclosure — Business Automation Workflow CWE-532 | 5.3 | Medium | 2024-08-03 |
| CVE-2022-33167 | IBM Security Directory Integrator information disclosure — Security Directory Integrator CWE-1004 | 3.7 | Low | 2024-07-30 |
| CVE-2023-26288 | IBM Aspera Orchestrator session fixation — Aspera Orchestrator CWE-613 | 5.5 | Medium | 2024-07-30 |
| CVE-2023-38001 | IBM Aspera Orchestrator cross-site request forgery — Aspera Orchestrator CWE-352 | 6.5 | Medium | 2024-07-30 |
| CVE-2023-26289 | IBM Aspera Orchestrator HTTP header injection — Aspera Orchestrator CWE-644 | 5.4 | Medium | 2024-07-30 |
| CVE-2024-40689 | IBM InfoSphere Information Server SQL injection — InfoSphere Information Server CWE-89 | 6.0 | Medium | 2024-07-26 |
| CVE-2024-28772 | IBM Security Directory Integrator cross-site scripting — Security Directory Integrator CWE-79 | 6.8 | Medium | 2024-07-25 |
| CVE-2022-32759 | IBM Security Directory Server information disclosure — Security Directory Integrator CWE-613 | 5.3 | Medium | 2024-07-25 |
| CVE-2024-37533 | IBM InfoSphere Information Server information disclosure — InfoSphere Information Server CWE-359 | 2.4 | Low | 2024-07-24 |
| CVE-2023-50304 | IBM Engineering Requirements Management DOORS XML external entity injection — Engineering Requirements Management DOORS CWE-611 | 7.1 | High | 2024-07-18 |
| CVE-2024-28796 | IBM Rational ClearQuest cross-site scripting vulnerability — ClearQuest CWE-79 | 6.4 | Medium | 2024-07-17 |
| CVE-2023-42010 | IBM Sterling B2B Integrator Standard Edition information disclosure — Sterling B2B Integrator Standard Edition CWE-497 | 3.1 | Low | 2024-07-17 |
| CVE-2022-35640 | IBM Sterling Partner Engagement Manager information disclosure — Sterling Partner Engagement Manager CWE-209 | 4.0 | Medium | 2024-07-16 |
| CVE-2024-39740 | IBM Datacap Navigator information disclosure — Datacap Navigator CWE-497 | 4.3 | Medium | 2024-07-15 |
| CVE-2024-39741 | IBM Datacap Navigator directory traversal — Datacap Navigator CWE-22 | 4.3 | Medium | 2024-07-15 |
| CVE-2024-39729 | IBM Datacap Navigator information disclosure — Datacap Navigator CWE-540 | 4.3 | Medium | 2024-07-15 |
| CVE-2024-39735 | IBM Datacap Navigator cross-site scripting — Datacap Navigator CWE-79 | 5.4 | Medium | 2024-07-15 |
| CVE-2024-39731 | IBM Datacap Navigator information disclosure — Datacap Navigator CWE-327 | 5.9 | Medium | 2024-07-15 |
| CVE-2024-39728 | IBM Datacap Navigator cross-site scripting — Datacap Navigator CWE-79 | 6.4 | Medium | 2024-07-15 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.