IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-42004	IBM Security Guardium CSV injection — Security GuardiumCWE-1236	8.0	High	2023-11-28
CVE-2023-26279	IBM QRadar WinCollect Agent improper output encoding — QRadar WinCollect AgentCWE-116	3.3	Low	2023-11-23
CVE-2021-39008	IBM QRadar WinCollect Agent information disclosure — QRadar WinCollect AgentCWE-200	2.7	Low	2023-11-23
CVE-2023-25682	IBM Sterling B2B Integrator information disclosure — Sterling B2B Integrator Standard EditionCWE-532	6.2	Medium	2023-11-22
CVE-2022-36777	IBM Cloud Pak for Security information disclosure — Cloud Pak for SecurityCWE-200	4.3	Medium	2023-11-22
CVE-2022-35638	IBM Sterling B2B Integrator cross-site request forgery — Sterling B2B IntegratorCWE-352	4.3	Medium	2023-11-22
CVE-2023-38361	IBM CICS TX Advanced information disclosure — CICS TX AdvancedCWE-327	5.9	Medium	2023-11-18
CVE-2023-40363	IBM InfoSphere Information Server privilege escalation — InfoSphere Information Server	8.1	High	2023-11-18
CVE-2023-38364	IBM CICS TX Advanced cross-site scripting — CICS TX AdvancedCWE-79	6.1	Medium	2023-11-13
CVE-2023-38363	IBM CICS TX information disclosure — CICS TX Advanced	4.3	Medium	2023-11-13
CVE-2023-43057	IBM QRadar SIEM cross-site scripting — IBM QRadar SIEMCWE-79	4.6	Medium	2023-11-11
CVE-2023-45167	IBM AIX denial of service — AIXCWE-20	6.2	Medium	2023-11-10
CVE-2023-45189	IBM Robotic Process Automation information disclosure — Robotic Process AutomationCWE-200	6.5	Medium	2023-11-03
CVE-2023-35896	IBM Content Navigator server-side request forgery — Content NavigatorCWE-918	5.4	Medium	2023-11-03
CVE-2023-46176	IBM MQ privilege escalation — MQ ApplianceCWE-424	6.7	Medium	2023-11-03
CVE-2023-43018	IBM CICS TX privilege escalation — CICS TX StandardCWE-250	5.9	Medium	2023-11-02
CVE-2023-42029	IBM CICS TX cross-site scripting — CICS TX StandardCWE-79	4.8	Medium	2023-11-02
CVE-2023-42027	IBM CICS TX cross-site request forgery — CICS TX StandardCWE-352	4.3	Medium	2023-11-02
CVE-2023-40685	IBM i privilege escalation — iCWE-269	7.4	High	2023-10-29
CVE-2023-40686	IBM i privilege escalation — iCWE-269	4.9	Medium	2023-10-29
CVE-2023-43041	IBM QRadar information disclosure — QRadar SIEMCWE-200	6.5	Medium	2023-10-29
CVE-2023-46158	IBM WebSphere Application Server session fixation — WebSphere Application Server LibertyCWE-613	4.9	Medium	2023-10-25
CVE-2023-42031	IBM CICS TX denial of service — TXSeries for MultiplatformsCWE-400	4.9	Medium	2023-10-24
CVE-2023-33837	IBM Security Verify Governance information disclosure — Security Verify GovernanceCWE-319	4.1	Medium	2023-10-23
CVE-2023-33839	IBM Security Verify Governance command execution — Security Verify GovernanceCWE-78	7.2	High	2023-10-23
CVE-2022-22466	IBM Security Verify Governance information disclosure — Security Verify GovernanceCWE-798	6.8	Medium	2023-10-23
CVE-2023-33840	IBM Security Verify Governance cross-site scripting — Security Verify GovernanceCWE-79	4.8	Medium	2023-10-23
CVE-2023-38722	IBM Sterling Partner Engagement Manager cross-site scripting — Sterling Partner Engagement ManagerCWE-79	6.4	Medium	2023-10-23
CVE-2023-43045	IBM Sterling Partner Engagement Manager security bypass — Sterling Partner Engagement ManagerCWE-288	5.9	Medium	2023-10-23
CVE-2023-38735	IBM Cognos Dashboards improper authentication — Cognos Dashboards on Cloud Pak for DataCWE-287	5.7	Medium	2023-10-22

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

IBM — Vulnerabilities & Security Advisories 4629