IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-43880 | IBM QRadar WinCollect Agent — QRadar WinCollect Agent CWE-400 | 4.4 | Medium | 2024-03-03 |
| CVE-2024-22355 | IBM QRadar Suite information disclosure — QRadar Suite Products CWE-521 | 5.9 | Medium | 2024-03-03 |
| CVE-2023-47742 | IBM QRadar Suite information disclosure — QRadar Suite Products CWE-295 | 5.9 | Medium | 2024-03-03 |
| CVE-2023-43054 | IBM Engineering Test Management cross-site scripting — Engineering Test Management CWE-79 | 6.4 | Medium | 2024-03-03 |
| CVE-2023-47745 | IBM MQ Container information disclosure — MQ Operator CWE-319 | 6.2 | Medium | 2024-03-03 |
| CVE-2024-27255 | IBM MQ Container information disclosure — MQ Operator CWE-327 | 5.9 | Medium | 2024-03-03 |
| CVE-2024-25016 | IBM MQ denial of service — MQ CWE-20 | 7.5 | High | 2024-03-03 |
| CVE-2023-50312 | IBM WebSphere Application Server Liberty information disclosure — WebSphere Application Server Liberty CWE-327 | 5.3 | Medium | 2024-03-01 |
| CVE-2023-38366 | IBM FileNet Content Manager directory traversal — Filenet Content Manager CWE-22 | 5.3 | Medium | 2024-03-01 |
| CVE-2023-47716 | IBM FileNet Content Manager privilege escalation — Filenet Content Manager CWE-863 | 6.3 | Medium | 2024-03-01 |
| CVE-2023-50324 | IBM Cognos Command Center information disclosure — Cognos Command Center CWE-200 | 5.3 | Medium | 2024-03-01 |
| CVE-2023-28949 | IBM Engineering Requirements Management cross-site request forgery — Engineering Requirements Management CWE-352 | 6.5 | Medium | 2024-03-01 |
| CVE-2023-50305 | IBM Engineering Requirements Management information disclosure — Engineering Requirements Management CWE-521 | 5.1 | Medium | 2024-03-01 |
| CVE-2023-28525 | IBM Engineering Requirements Management cross-site scripting — Engineering Requirements Management CWE-79 | 4.8 | Medium | 2024-03-01 |
| CVE-2021-39090 | IBM Cloud Pak for Security information disclosure — Cloud Pak for Security CWE-311 | 5.9 | Medium | 2024-02-29 |
| CVE-2023-38367 | IBM Cloud Pak for Automation authentication bypass — Cloud Pak for Automation | 6.5 | Medium | 2024-02-29 |
| CVE-2023-27545 | IBM Watson CloudPak for Data Data Stores information disclosure — Watson CloudPak for Data Data Stores CWE-525 | 4.0 | Medium | 2024-02-29 |
| CVE-2023-25921 | IBM Security Guardium Key Lifecycle Manager file upload — Security Guardium Key Lifecycle Manager CWE-434 | 8.5 | High | 2024-02-29 |
| CVE-2023-25926 | IBM Security Guardium Key Lifecycle Manager XML external entity injection — Security Guardium Key Lifecycle Manager CWE-611 | 5.5 | Medium | 2024-02-29 |
| CVE-2023-38372 | IBM Watson IoT Platform information disclosure — Watson IoT Platform CWE-287 | 5.9 | Medium | 2024-02-29 |
| CVE-2023-25925 | IBM Security Guardium Key Lifecycle Manager command injection — Security Guardium Key Lifecycle Manager CWE-78 | 8.5 | High | 2024-02-28 |
| CVE-2023-25922 | IBM Security Guardium Key Lifecycle Manager file upload — Security Guardium Key Lifecycle Manager CWE-434 | 4.3 | Medium | 2024-02-28 |
| CVE-2023-50303 | IBM InfoSphere Information Server cross-site scripting — InfoSphere Information Server CWE-79 | 6.1 | Medium | 2024-02-28 |
| CVE-2023-43051 | IBM Cognos Analytics cross-site scripting — Cognos Analytics CWE-79 | 5.4 | Medium | 2024-02-24 |
| CVE-2022-34357 | IBM Cognos Analytics Mobile Server denial of service — Cognos Analytics CWE-770 | 6.5 | Medium | 2024-02-24 |
| CVE-2023-30996 | IBM Cognos Analytics cross-origin resource sharing — Cognos Analytics CWE-346 | 5.3 | Medium | 2024-02-24 |
| CVE-2023-32344 | IBM Cognos Analytics cross-site request forgery — Cognos Analytics CWE-352 | 4.3 | Medium | 2024-02-24 |
| CVE-2023-38359 | IBM Cognos Analytics cross-site scripting — Cognos Analytics CWE-79 | 6.1 | Medium | 2024-02-24 |
| CVE-2022-43842 | IBM Aspera Console SQL injection — Aspera Console CWE-89 | 8.6 | High | 2024-02-23 |
| CVE-2024-25021 | IBM AIX command execution — AIX | 8.4 | High | 2024-02-22 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.