Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2021-38938 IBM Host Access Transformation Services information disclosure — Host Access Transformation ServicesCWE-522 6.2 Medium2024-03-15
CVE-2023-46181 IBM Secure Proxy information disclosure — Secure ProxyCWE-525 4.0 Medium2024-03-15
CVE-2023-47699 IBM Secure Proxy cross-site scripting — Secure ProxyCWE-79 6.1 Medium2024-03-15
CVE-2023-47147 IBM Secure Proxy file manipulation — Secure ProxyCWE-73 5.9 Medium2024-03-15
CVE-2023-46179 IBM Secure Proxy information disclosure — Secure ProxyCWE-614 4.3 Medium2024-03-15
CVE-2023-47162 IBM Secure Proxy cross-site scripting — Secure ProxyCWE-79 6.1 Medium2024-03-15
CVE-2023-46182 IBM Secure Proxy cross-site scripting — Secure ProxyCWE-79 5.4 Medium2024-03-15
CVE-2024-22346 IBM i privilege escalation — iCWE-427 8.4 High2024-03-14
CVE-2024-27265 IBM Integration Bus for z/OS cross-site request forgery — Integration Bus for z/OSCWE-352 4.5 Medium2024-03-14
CVE-2024-27266 IBM Maximo Application Suite XML external entity injection — Maximo Asset ManagementCWE-611 8.2 High2024-03-14
CVE-2023-32335 IBM Maximo Application Suite information disclosure — Maximo Application SuiteCWE-598 3.7 Low2024-03-13
CVE-2023-43043 IBM Maximo Application Suite information disclosure — Maximo Application Suite - Maximo Mobile for EAMCWE-532 5.1 Medium2024-03-13
CVE-2023-38723 Maximo Asset Management cross-site scripting — Maximo Asset ManagementCWE-79 6.4 Medium2024-03-13
CVE-2023-28517 IBM Sterling Partner Engagement Manager cross-site scripting — Sterling Partner Engagement ManagerCWE-79 5.4 Medium2024-03-13
CVE-2022-43855 IBM SPSS Statistics denial of service — SPSS StatisticsCWE-399 6.2 Medium2024-03-08
CVE-2023-46169 IBM DS8900F file manipulation — DS8900FCWE-41 6.5 Medium2024-03-07
CVE-2023-46172 IBM DS8900F security bypass — DS8900FCWE-287 5.6 Medium2024-03-07
CVE-2023-46170 IBM DS8900F information disclosure — DS8900FCWE-204 6.5 Medium2024-03-07
CVE-2023-46171 IBM DS8900F information disclosure — DS8900FCWE-532 4.3 Medium2024-03-07
CVE-2022-22399 IBM Aspera Faspex HTTP header injection — Aspera FaspexCWE-644 5.4 Medium2024-03-05
CVE-2023-25681 IBM Spectrum Virtualize security bypass — Spectrum VirtualizeCWE-308 5.3 Medium2024-03-05
CVE-2023-26282 IBM Watson CP4D Data Stores file modificiation — Watson CP4D Data StoresCWE-73 4.2 Medium2024-03-05
CVE-2023-35899 IBM Cloud Pak for Automation CSV injection — Cloud Pak for AutomationCWE-1236 7.0 High2024-03-05
CVE-2024-22352 IBM InfoSphere Information Server information disclosure — InfoSphere Information ServerCWE-532 6.5 Medium2024-03-05
CVE-2023-32331 IBM Connect:Express for UNIX denial of service — Sterling Connect:Express for UNIXCWE-119 7.5 High2024-03-04
CVE-2023-38360 IBM CICS TX cross-site scripting — CICS TX AdvancedCWE-79 6.1 Medium2024-03-04
CVE-2023-38362 IBM CICS TX information disclosure — CICS TX AdvancedCWE-204 5.3 Medium2024-03-04
CVE-2022-43890 IBM Security Verify Privilege On-Premises information disclosure — Security Verify Privilege On-PremisesCWE-200 5.3 Medium2024-03-04
CVE-2023-28512 IBM Watson CP4D Data Stores improper input validation — Watson CP4D Data StoresCWE-472 5.9 Medium2024-03-03
CVE-2023-27291 IBM Watson CP4D Data Stores information disclosure — Watson CP4D Data StoresCWE-319 4.5 Medium2024-03-03

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.