IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-36425 | IBM Db2 Information Disclosure — Db2 for Linux, UNIX and Windows (CWE-256) | 5.3 | Medium | 2026-02-17 |
| CVE-2025-13867 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows (CWE-1284) | 6.5 | Medium | 2026-02-17 |
| CVE-2025-14689 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows (CWE-1284) | 6.5 | Medium | 2026-02-17 |
| CVE-2025-14150 | IBM webMethods Integration Sever is affected by — webMethods Integration (on prem) - Integration Server (CWE-497) | 6.5 | Medium | 2026-02-05 |
| CVE-2025-13491 | IBM App Connect Enterprise Certified Container Information Disclosure — App Connect Enterprise Certified Container (CWE-426) | 5.1 | Medium | 2026-02-05 |
| CVE-2025-13379 | A SQL Injection vulnerability has been addressed in IBM Aspera Console — Aspera Console (CWE-89) | 8.6 | High | 2026-02-05 |
| CVE-2024-51451 | Multiple Vulnerabilities in IBM Concert Software — Concert (CWE-644) | 6.5 | Medium | 2026-02-04 |
| CVE-2024-43181 | Multiple Vulnerabilities in IBM Concert Software — Concert (CWE-613) | 6.3 | Medium | 2026-02-04 |
| CVE-2024-40685 | IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack — Operations Analytics - Log Analysis (CWE-352) | 4.3 | Medium | 2026-02-04 |
| CVE-2025-2134 | IBM Jazz Reporting Service Denial of Service — Jazz Reporting Service (CWE-410) | 3.5 | Low | 2026-02-04 |
| CVE-2025-27550 | IBM Jazz Reporting Service Information Disclosure — Jazz Reporting Service (CWE-497) | 3.5 | Low | 2026-02-04 |
| CVE-2025-1823 | IBM Jazz Reporting Service Denial of Service — Jazz Reporting Service (CWE-770) | 3.5 | Low | 2026-02-04 |
| CVE-2024-39724 | IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API — Db2 Big SQL on Cloud Pak for Data (CWE-770) | 5.3 | Medium | 2026-02-04 |
| CVE-2023-38281 | Multiple Vulnerabilities in IBM Cloud Pak System — Cloud Pak System (CWE-209) | 5.3 | Medium | 2026-02-04 |
| CVE-2023-38017 | Multiple Vulnerabilities in IBM Cloud Pak System — Cloud Pak System (CWE-209) | 5.3 | Medium | 2026-02-04 |
| CVE-2025-13375 | IBM Common Cryptographic Architecture Arbitrary Command Execution — Common Cryptographic Architecture (CWE-250) | 9.8 | Critical | 2026-02-04 |
| CVE-2023-38010 | Multiple Vulnerabilities in IBM Cloud Pak System — Cloud Pak System (CWE-209) | 5.3 | Medium | 2026-02-04 |
| CVE-2025-33081 | Multiple Vulnerabilities in IBM Concert Software. — Concert (CWE-312) | 3.3 | Low | 2026-02-03 |
| CVE-2025-36033 | IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting — Engineering Lifecycle Management - Global Configuration Management (CWE-79) | 5.4 | Medium | 2026-02-03 |
| CVE-2025-36094 | Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026. — Cloud Pak for Business Automation (CWE-1284) | 5.4 | Medium | 2026-02-03 |
| CVE-2025-36194 | This Power System update is being released to address — PowerVM Hypervisor (CWE-1262) | 2.8 | Low | 2026-02-02 |
| CVE-2025-36238 | Power System Exposure of Sensitive System Information — PowerVM Hypervisor (CWE-497) | 6.0 | Medium | 2026-02-02 |
| CVE-2025-36253 | Multiple Vulnerabilities in IBM Concert Software. — Concert (CWE-759) | 5.9 | Medium | 2026-02-02 |
| CVE-2025-36436 | Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026. — Cloud Pak for Business Automation (CWE-79) | 6.4 | Medium | 2026-02-02 |
| CVE-2025-13096 | XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - — Business Automation Workflow containers (CWE-918) | 7.1 | High | 2026-02-02 |
| CVE-2025-14914 | IBM WebSphere Application Server Liberty Path Traversal — WebSphere Application Server Liberty (CWE-22) | 7.6 | High | 2026-02-02 |
| CVE-2025-15395 | IBM Jazz Foundation access control violation — Jazz Foundation (CWE-863) | 4.3 | Medium | 2026-02-02 |
| CVE-2025-2668 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows (CWE-789) | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36001 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows (CWE-674) | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36009 | IBM Db2 Denial of Service — Db2 for Linux, UNIX and Windows (CWE-1284) | 6.5 | Medium | 2026-01-30 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.