IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-43581 | IBM Content Navigator code execution | Content Navigator | CWE-119 | 7.5 | High | 2022-12-07 |
| CVE-2022-41735 | IBM Business Process Manager cross-site scripting | Business Process Manager | CWE-79 | 5.4 | Medium | 2022-12-07 |
| CVE-2022-43867 | IBM Spectrum Scale command execution | Spectrum Scale | CWE-78 | 7.8 | High | 2022-12-06 |
| CVE-2022-34361 | IBM Sterling Secure Proxy information disclosure | Sterling Secure Proxy | CWE-327 | 5.9 | Medium | 2022-12-06 |
| CVE-2022-43901 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure | WebSphere Automation for Cloud Pak for Watson AIOps | CWE-200 | 5.7 | Medium | 2022-12-01 |
| CVE-2022-41297 | IBM Db2U cross-site request forgery | Db2U | CWE-352 | 4.3 | Medium | 2022-12-01 |
| CVE-2022-41296 | IBM Db2U cross-site request forgery | Db2U | CWE-352 | 6.5 | Medium | 2022-12-01 |
| CVE-2021-38997 | IBM API Connect HOST header injection | API Connect | CWE-644 | 5.4 | Medium | 2022-12-01 |
| CVE-2022-41732 | IBM Maximo information disclosure | Maximo Mobile | CWE-256 | 6.2 | Medium | 2022-11-28 |
| CVE-2022-40228 | IBM DataPower Gateway session fixation | DataPower Gateway | CWE-613 | 3.7 | Low | 2022-11-22 |
| CVE-2022-40746 | IBM i code issue vulnerability | i | CWE-77 | 7.2 | High | 2022-11-21 |
| CVE-2022-22488 | IBM OpenBMC denial of service | OpenBMC | | 4.9 | Medium | 2022-11-18 |
| CVE-2022-38390 | IBM Business Automation Workflow cross-site scripting vulnerability | Business Automation Workflow | CWE-79 | 5.4 | Medium | 2022-11-17 |
| CVE-2022-40751 | IBM UrbanCode Deploy information disclosure | UrbanCode Deploy | CWE-522 | 4.9 | Medium | 2022-11-17 |
| CVE-2022-34354 | IBM Sterling Partner Engagement Manager information disclosure | Partner Engagement Manager | CWE-922 | 4.0 | Medium | 2022-11-16 |
| CVE-2022-40752 | IBM InfoSphere DataStage Flow Designer command injection vulnerability | InfoSphere DataStage | CWE-77 | 9.8 | Critical | 2022-11-16 |
| CVE-2022-34320 | IBM CICS TX information disclosure | CICS TX | CWE-327 | 5.9 | Medium | 2022-11-14 |
| CVE-2022-34317 | IBM CICS TX cross-site scripting | CICS TX | CWE-79 | 5.4 | Medium | 2022-11-14 |
| CVE-2022-34318 | IBM CICS TX clickjacking | CICS TX | | 5.4 | Medium | 2022-11-14 |
| CVE-2022-34316 | IBM CICS TX information disclosure | CICS TX | CWE-644 | 3.7 | Low | 2022-11-14 |
| CVE-2022-34314 | IBM CICS TX information disclosure vulnerability | CICS TX | CWE-200 | 4.0 | Medium | 2022-11-14 |
| CVE-2022-34315 | IBM CICS TX cross-site scripting | CICS TX | CWE-79 | 5.4 | Medium | 2022-11-14 |
| CVE-2022-38705 | IBM CICS TX phishing | CICS TX | | 5.3 | Medium | 2022-11-14 |
| CVE-2022-34312 | IBM CICS TX information disclosure | CICS TX | CWE-200 | 4.0 | Medium | 2022-11-14 |
| CVE-2022-34329 | IBM CICS TX information disclosure | CICS TX | CWE-200 | 5.3 | Medium | 2022-11-14 |
| CVE-2022-34319 | IBM CICS TX information disclosure | CICS TX | CWE-327 | 5.9 | Medium | 2022-11-14 |
| CVE-2022-34313 | IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies | CICS TX | CWE-200 | 4.3 | Medium | 2022-11-14 |
| CVE-2022-35719 | IBM MQ Internet Pass-Thru log information disclosure vulnerability | MQ Internet Pass-Thru | CWE-532 | 5.1 | Medium | 2022-11-14 |
| CVE-2022-31772 | IBM MQ denial of service | MQ | CWE-20 | 5.3 | Medium | 2022-11-11 |
| CVE-2022-40753 | IBM InfoSphere Information Server cross-site scripting | InfoSphere Information Server | CWE-79 | 5.4 | Medium | 2022-11-11 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.