IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14504 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting — Sterling B2B Integrator (CWE-79) | 5.4 | Medium | 2026-03-13 |
| CVE-2026-0835 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting Vulnerability — Sterling B2B Integrator (CWE-79) | 5.4 | Medium | 2026-03-13 |
| CVE-2025-13702 | IBM Sterling Partner Engagement Manager Cross-Site Scripting — Sterling Partner Engagement Manager | 6.1 | Medium | 2026-03-13 |
| CVE-2025-13718 | IBM Sterling Partner Engagement Manager Information Disclosure — Sterling Partner Engagement Manager (CWE-319) | 3.7 | Low | 2026-03-13 |
| CVE-2025-13723 | IBM Sterling Partner Engagement Manager Information Disclosure — Sterling Partner Engagement Manager (CWE-324) | 5.3 | Medium | 2026-03-13 |
| CVE-2025-13726 | IBM Sterling Partner Engagement Manager Information Disclosure — Sterling Partner Engagement Manager (CWE-209) | 5.3 | Medium | 2026-03-13 |
| CVE-2025-14811 | IBM Sterling Partner Engagement Manager Information Disclosure — Sterling Partner Engagement Manager (CWE-598) | 3.1 | Low | 2026-03-13 |
| CVE-2025-13213 | Multiple vulnerabilities in IBM Aspera Orchestrator — Aspera Orchestrator (CWE-644) | 5.4 | Medium | 2026-03-10 |
| CVE-2025-13219 | Multiple vulnerabilities in IBM Aspera Orchestrator — Aspera Orchestrator (CWE-598) | 5.9 | Medium | 2026-03-10 |
| CVE-2025-36226 | Multiple vulnerabilities in IBM Aspera Faspex — Aspera Faspex 5 (CWE-79) | 5.4 | Medium | 2026-03-10 |
| CVE-2025-36227 | Multiple vulnerabilities in IBM Aspera Faspex — Aspera Faspex 5 (CWE-644) | 5.4 | Medium | 2026-03-10 |
| CVE-2026-2713 | IBM Trusteer Rapport installer affected by uncontrolled search path element vulnerability — Trusteer Rapport installer (CWE-427) | 7.4 | High | 2026-03-10 |
| CVE-2025-36173 | InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes. — InfoSphere Data Architect (CWE-79) | 6.1 | Medium | 2026-03-10 |
| CVE-2025-36105 | IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability — Planning Analytics Advanced Certified Containers (CWE-526) | 4.4 | Medium | 2026-03-10 |
| CVE-2025-13686 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data (CWE-78) | 6.3 | Medium | 2026-03-03 |
| CVE-2025-13687 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data (CWE-78) | 6.3 | Medium | 2026-03-03 |
| CVE-2025-13688 | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment — DataStage on Cloud Pak for Data (CWE-78) | 6.3 | Medium | 2026-03-03 |
| CVE-2025-14456 | IBM MQ Appliance uses weaker than expected cryptographic algorithms — MQ Appliance (CWE-327) | 6.5 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2025-14480 | IBM Aspera faspio Gateway 1.3.7 has addressed a vulnerability affected by weak cryptographic algorithms — Aspera faspio Gateway (CWE-327) | 5.1 | Medium | 2026-03-03 |
| CVE-2026-1567 | IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability — InfoSphere Information Server (CWE-611) | 7.1 | High | 2026-03-03 |
| CVE-2026-1713 | IBM MQ is affected by an authority vulnerability — MQ (CWE-305) | 6.8 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2025-13490 | IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality — App Connect Operator | 5.9 | Medium | 2026-03-03 |
| CVE-2025-13616 | DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response — DataStage on Cloud Pak for Data (CWE-497) | 6.5 | Medium | 2026-03-03 |
| CVE-2025-13734 | IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions — Engineering Requirements Management DOORS Next (CWE-862) | 5.4 | Medium | 2026-03-03 |
| CVE-2025-14604 | The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2 — Storage Scale (CWE-732) | 6.6 | Medium | 2026-03-03 |
| CVE-2025-14923 | IBM WebSphere Application Server Liberty could provide weaker than expected security — WebSphere Application Server - Liberty (CWE-321) | 4.7 | Medium | 2026-03-03 |
| CVE-2025-36363 | IBM DevOps Plan is vulnerable to Excessive Authentication Attempts — DevOps Plan (CWE-307) | 5.9 | Medium | 2026-03-03 |
| CVE-2025-36364 | IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. — DevOps Plan (CWE-525) | 6.2 | Medium | 2026-03-03 |
| CVE-2026-1265 | IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file — InfoSphere Information Server (CWE-532) | 4.3 | Medium | 2026-03-03 |
| CVE-2026-2606 | IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read — webMethods API Gateway (on-prem) (CWE-22) | 6.5 | Medium | 2026-03-03 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.