IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-43040 | IBM Spectrum Fusion HCI improper access control — Spectrum Fusion HCI | CWE-1220 | 6.5 | Medium | 2024-05-13 |
| CVE-2023-47711 | IBM Security Guardium denial of service — Security Guardium | CWE-434 | 2.7 | Low | 2024-05-11 |
| CVE-2023-47712 | IBM Security Guardium privilege escalation — Security Guardium | CWE-732 | 7.8 | High | 2024-05-11 |
| CVE-2023-47709 | IBM Security Guardium command injection — Security Guardium | CWE-78 | 9.1 | Critical | 2024-05-11 |
| CVE-2024-28760 | IBM App Connect Enterprise denial of service — App Connect Enterprise | CWE-770 | 4.3 | Medium | 2024-05-11 |
| CVE-2024-28761 | IBM App Connect Enterprise HTML injection — App Connect Enterprise | | 5.4 | Medium | 2024-05-11 |
| CVE-2024-22345 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | CWE-522 | 6.2 | Medium | 2024-05-10 |
| CVE-2024-22344 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | | 6.1 | Medium | 2024-05-10 |
| CVE-2024-22343 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | CWE-525 | 4.0 | Medium | 2024-05-10 |
| CVE-2023-38264 | IBM SDK, Java Technology Edition denial of service — SDK, Java Technology Edition | CWE-502 | 5.9 | Medium | 2024-05-10 |
| CVE-2024-27269 | IBM QRadar SIEM information disclosure — QRadar SIEM | CWE-286 | 6.8 | Medium | 2024-05-10 |
| CVE-2024-28781 | IBM UrbanCode Deploy cross-site scripting — UrbanCode Deploy | CWE-79 | 5.4 | Medium | 2024-05-10 |
| CVE-2023-40694 | IBM Watson CP4D Data Stores information disclosure — Watson CP4D Data Stores | CWE-532 | 6.2 | Medium | 2024-05-07 |
| CVE-2024-27273 | IBM AIX privilege escalation — AIX | CWE-266 | 8.1 | High | 2024-05-07 |
| CVE-2023-27283 | IBM Aspera Orchestrator information disclosure — Aspera Orchestrator | CWE-204 | 5.3 | Medium | 2024-05-04 |
| CVE-2023-40695 | IBM Cognos Controller session fixation — Cognos Controller | CWE-613 | 6.3 | Medium | 2024-05-03 |
| CVE-2021-20451 | IBM Cognos Controller SQL injection — Cognos Controller | CWE-89 | 6.0 | Medium | 2024-05-03 |
| CVE-2022-22364 | IBM Cognos Controller security bypass — Cognos Controller | CWE-350 | 5.3 | Medium | 2024-05-03 |
| CVE-2023-28952 | IBM Cognos Controller log injection — Cognos Controller | CWE-117 | 5.3 | Medium | 2024-05-03 |
| CVE-2023-38724 | IBM Cognos Controller SQL injection — Cognos Controller | CWE-89 | 6.3 | Medium | 2024-05-03 |
| CVE-2023-40696 | IBM Cognos Controller information disclosure — Cognos Controller | CWE-327 | 5.9 | Medium | 2024-05-03 |
| CVE-2021-20556 | IBM Cognos Controller information disclosure — Cognos Controller | CWE-204 | 5.3 | Medium | 2024-05-03 |
| CVE-2023-23474 | IBM Cognos Controller information disclosure — Cognos Controller | CWE-209 | 3.7 | Low | 2024-05-03 |
| CVE-2021-20450 | IBM Cognos Controller information disclosure — Cognos Controller | | 4.3 | Medium | 2024-05-03 |
| CVE-2020-4874 | IBM Cognos Controller information disclosure — Cognos Controller | CWE-327 | 5.9 | Medium | 2024-05-03 |
| CVE-2023-37407 | IBM Aspera Orchestrator command execution — Aspera Orchestrator | CWE-78 | 8.8 | High | 2024-05-03 |
| CVE-2024-25047 | IBM Cognos Analytics log injection — Cognos Analytics | CWE-117 | 8.6 | High | 2024-05-02 |
| CVE-2023-47727 | IBM QRadar Suite Software file manipulation — Cloud Pak for Security | CWE-1287 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-28764 | IBM WebSphere Automation CSV injection — WebSphere Automation | CWE-1236 | 6.5 | Medium | 2024-05-01 |
| CVE-2024-25015 | IBM MQ denial of service — MQ | CWE-406 | 7.5 | High | 2024-05-01 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.