IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-23469	IBM Cloud Pak for Business Automation information disclosure — Cloud Pak for Business Automation	4.0	Medium	2023-02-01
CVE-2022-47983	IBM InfoSphere Information Server cross-site scripting — InfoSphere Information ServerCWE-79	5.4	Medium	2023-02-01
CVE-2022-43922	IBM App Connect Enterprise Certified Container information disclosure — App Connect Enterprise Certified Container	5.3	Medium	2023-02-01
CVE-2022-22462	IBM Security Verify Governance, Identity Manager virtual appliance component information disclosure — Security Verify GovernanceCWE-327	3.7	Low	2023-01-25
CVE-2022-43864	IBM Business Automation Workflow information disclosure — Business MonitorCWE-22	7.5	High	2023-01-25
CVE-2022-43917	IBM WebSphere Application Server information disclosure — WebSphere Application ServerCWE-327	5.9	Medium	2023-01-25
CVE-2022-41733	IBM InfoSphere Information Server denial of service — InfoSphere Information ServerCWE-20	5.3	Medium	2023-01-20
CVE-2021-39089	IBM Cloud Pak for Security information disclosure — Cloud Pak for SecurityCWE-200	4.3	Medium	2023-01-20
CVE-2021-39011	IBM Cloud Pak for Security information disclosure — Cloud Pak for SecurityCWE-532	4.2	Medium	2023-01-20
CVE-2022-39167	IBM Spectrum Virtualize information disclosure — Spectrum VirtualizeCWE-200	5.9	Medium	2023-01-19
CVE-2023-22863	IBM Robotic Process Automation information disclosure — Robotic Process AutomationCWE-319	5.9	Medium	2023-01-18
CVE-2023-22594	IBM Robotic Process Automation for Cloud Pak cross-site scripting — Robotic Process Automation for Cloud PakCWE-79	4.6	Medium	2023-01-18
CVE-2023-22592	IBM Robotic Process Automation for Cloud Pak insufficient permission settings — Robotic Process Automation for Cloud Pak	4.0	Medium	2023-01-18
CVE-2022-47990	IBM AIX denial of service — AIXCWE-120	6.2	Medium	2023-01-18
CVE-2023-22875	IBM Security QRadar SIEM information disclosure — Security QRadar SIEMCWE-200	8.4	High	2023-01-17
CVE-2022-40615	IBM Sterling Partner Engagement Manager SQL injection — Sterling Partner Engagement ManagerCWE-89	6.3	Medium	2023-01-11
CVE-2022-34335	IBM Sterling Partner Engagement Manager denial of service — Sterling Partner Engagement ManagerCWE-400	6.5	Medium	2023-01-11
CVE-2022-35281	IBM Maximo Application Suite command injection — Maximo Asset ManagementCWE-1236	5.5	Medium	2023-01-06
CVE-2022-22470	IBM Security Verify Governance information disclosure — Security Verify Governance	4.1	Medium	2023-01-06
CVE-2022-43573	IBM Robotic Process Automation information disclosure — Robotic Process AutomationCWE-200	3.1	Low	2023-01-05
CVE-2022-41740	IBM Robotic Process Automation information disclosure — Robotic Process Automation	4.6	Medium	2023-01-05
CVE-2022-43844	IBM Robotic Process Automation for Cloud Pak session fixation — Robotic Process Automation for Cloud PakCWE-613	8.1	-	2023-01-05
CVE-2022-22337	IBM Sterling B2B Integrator Standard Edition information disclosure — Sterling B2B Integrator Standard EditionCWE-200	4.3	Medium	2023-01-04
CVE-2022-22338	IBM Sterling B2B Integrator Standard Edition SQL injection — Sterling B2B Integrator Standard EditionCWE-89	6.3	Medium	2023-01-04
CVE-2022-22371	IBM Sterling B2B Integrator Standard Edition session fixation — Sterling B2B Integrator Standard EditionCWE-613	5.5	Medium	2023-01-04
CVE-2021-38928	IBM Sterling B2B Integrator Standard Edition cross-origin resource sharing — Sterling B2B Integrator Standard Edition	5.4	Medium	2023-01-04
CVE-2022-43920	IBM Sterling B2B Integrator Standard Edition privilege escalation — Sterling B2B Integrator Standard Edition	6.3	Medium	2023-01-04
CVE-2022-34330	IBM Sterling B2B Integrator cross-site scripting — Sterling B2B IntegratorCWE-79	6.1	Medium	2023-01-04
CVE-2022-22352	IBM Sterling B2B Integrator Standard Edition cross-site scripting — Sterling B2B Integrator Standard EditionCWE-79	5.4	Medium	2023-01-04
CVE-2022-42435	IBM Business Automation Workflow cross-site request forgery — Business Automation WorkflowCWE-352	4.3	Medium	2023-01-03

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

IBM — Vulnerabilities & Security Advisories 4629