IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-28775 | IBM WebSphere Automation cross-site scripting | WebSphere Automation | CWE-79 | 4.4 | Medium | 2024-05-01 |
| CVE-2022-38386 | IBM Cloud Pak for Security information disclosure | Cloud Pak for Security | CWE-1275 | 5.9 | Medium | 2024-05-01 |
| CVE-2023-38002 | IBM Storage Scale session fixation | Storage Scale | CWE-384 | 5.0 | Medium | 2024-04-30 |
| CVE-2024-25050 | IBM i privilege escalation | i | CWE-427 | 8.4 | High | 2024-04-28 |
| CVE-2024-25048 | IBM MQ code execution | MQ Appliance | CWE-122 | 7.5 | High | 2024-04-27 |
| CVE-2024-25026 | IBM WebSphere Application Server denial of service | WebSphere Application Server | CWE-770 | 5.9 | Medium | 2024-04-25 |
| CVE-2023-47731 | IBM QRadar Suite Software cross-site scripting | QRadar Suite Software | CWE-79 | 5.4 | Medium | 2024-04-23 |
| CVE-2022-40745 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-326 | 5.5 | Medium | 2024-04-19 |
| CVE-2023-37397 | IBM Aspera Faspex data manipulation | Aspera Faspex | CWE-326 | 3.6 | Low | 2024-04-19 |
| CVE-2023-27279 | IBM Aspera Faspex denial of service | Aspera Faspex | CWE-799 | 6.5 | Medium | 2024-04-19 |
| CVE-2023-37396 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-327 | 2.5 | Low | 2024-04-19 |
| CVE-2023-22869 | IBM Aspera Faspex information disclosure | Aspera Faspex | CWE-532 | 5.5 | Medium | 2024-04-19 |
| CVE-2023-37400 | IBM Aspera Faspex privilege escalation | Aspera Faspex | CWE-522 | 7.8 | High | 2024-04-19 |
| CVE-2024-22329 | IBM WebSphere Application Server server-side request forgery | WebSphere Application Server | CWE-918 | 4.3 | Medium | 2024-04-17 |
| CVE-2024-22354 | IBM WebSphere Application Server XML external entity injection | WebSphere Application Server | CWE-611 | 7.0 | High | 2024-04-17 |
| CVE-2024-31887 | IBM Security Verify Privilege information disclosure | Security Verify Privilege | CWE-497 | 7.5 | High | 2024-04-16 |
| CVE-2024-22358 | IBM UrbanCode Deploy session fixation | UrbanCode Deploy | CWE-613 | 6.3 | Medium | 2024-04-12 |
| CVE-2024-22339 | IBM UrbanCode Deploy information disclosure | UrbanCode Deploy | CWE-532 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-22334 | IBM UrbanCode Deploy improper privilege control | UrbanCode Deploy | CWE-732 | 4.4 | Medium | 2024-04-12 |
| CVE-2024-22359 | IBM UrbanCode Deploy cross-site scripting | UrbanCode Deploy | CWE-79 | 6.1 | Medium | 2024-04-12 |
| CVE-2023-47714 | IBM Sterling File Gateway cross-site scripting | Sterling File Gateway | CWE-79 | 4.8 | Medium | 2024-04-12 |
| CVE-2024-27261 | IBM Storage Defender - Resiliency Service privilege escalation | Storage Defender | CWE-749 | 6.4 | Medium | 2024-04-12 |
| CVE-2023-45186 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 4.8 | Medium | 2024-04-12 |
| CVE-2023-50307 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 5.4 | Medium | 2024-04-12 |
| CVE-2024-22357 | IBM Sterling B2B Integrator cross-site scripting | Sterling B2B Integrator | CWE-79 | 5.4 | Medium | 2024-04-12 |
| CVE-2023-50949 | IBM QRadar improper certificate validation | QRadar SIEM | CWE-295 | 5.9 | Medium | 2024-04-11 |
| CVE-2024-31874 | IBM Security Verify Access Appliance denial of service | Security Verify Access Appliance | CWE-457 | 6.2 | Medium | 2024-04-10 |
| CVE-2024-31873 | IBM Security Verify Access Appliance information disclosure | Security Verify Access Appliance | CWE-798 | 7.5 | High | 2024-04-10 |
| CVE-2024-31871 | IBM Security Verify Access Appliance improper certificate validation | Security Verify Access Appliance | CWE-295 | 7.5 | High | 2024-04-10 |
| CVE-2024-31872 | IBM Security Verify Access Appliance missing certificate validation | Security Verify Access Appliance | CWE-295 | 7.5 | High | 2024-04-10 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.