Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Found 41 results / 4629Clear Filters
Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-36171 IBM Aspera Faspex denial of service — Aspera FaspexCWE-770 4.9 Medium2025-10-09
CVE-2025-36225 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-203 4.3 Medium2025-10-09
CVE-2023-37401 IBM Aspera Faspex cross-origin resource sharing — Aspera FaspexCWE-942 5.3 Medium2025-10-09
CVE-2025-36040 IBM Aspera Faspex session fixation — Aspera FaspexCWE-613 6.5 Medium2025-07-30
CVE-2025-36039 IBM Aspera Faspex bypass security — Aspera FaspexCWE-602 6.5 Medium2025-07-30
CVE-2025-33138 IBM Aspera Faspex HTML injection — Aspera FaspexCWE-80 5.4 Medium2025-05-22
CVE-2025-33137 IBM Aspera Faspex data modification — Aspera FaspexCWE-602 7.1 High2025-05-22
CVE-2025-33136 IBM Aspera Faspex data modification — Aspera FaspexCWE-471 7.1 High2025-05-22
CVE-2025-3423 IBM Aspera Faspex 5 cross-site scripting — Aspera FaspexCWE-79 5.4 Medium2025-04-13
CVE-2023-35907 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-521 5.9 Medium2025-01-29
CVE-2023-37413 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-204 5.3 Medium2025-01-29
CVE-2023-37398 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-521 5.9 Medium2025-01-29
CVE-2023-37412 IBM Aspera Faspex improper access control — Aspera FaspexCWE-250 4.4 Medium2025-01-29
CVE-2023-37395 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-327 2.5 Low2024-12-11
CVE-2024-45097 IBM Aspera Faspex bypass security — Aspera FaspexCWE-650 5.9 Medium2024-09-05
CVE-2024-45096 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-548 6.5 Medium2024-09-05
CVE-2024-45098 IBM Aspera Faspex bypass security — Aspera FaspexCWE-650 6.8 Medium2024-09-05
CVE-2023-37411 IBM Aspera Faspex cross-site scripting — Aspera FaspexCWE-79 4.8 Medium2024-05-28
CVE-2022-40745 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-326 5.5 Medium2024-04-19
CVE-2023-37397 IBM Aspera Faspex data manipulation — Aspera FaspexCWE-326 3.6 Low2024-04-19
CVE-2023-27279 IBM Aspera Faspex denial of service — Aspera FaspexCWE-799 6.5 Medium2024-04-19
CVE-2023-37396 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-327 2.5 Low2024-04-19
CVE-2023-22869 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-532 5.5 Medium2024-04-19
CVE-2023-37400 IBM Aspera Faspex privilege escalation — Aspera FaspexCWE-522 7.8 High2024-04-19
CVE-2022-22399 IBM Aspera Faspex HTTP header injection — Aspera FaspexCWE-644 5.4 Medium2024-03-05
CVE-2022-40744 IBM Aspera Faspex cross-site scripting — Aspera FaspexCWE-79 4.8 Medium2024-02-02
CVE-2022-22402 IBM Aspera Faspex cross-site scripting — Aspera FaspexCWE-79 5.4 Medium2023-09-08
CVE-2022-22401 IBM Aspera Faspex information disclosure — Aspera Faspex 5.9 Medium2023-09-08
CVE-2022-22409 IBM Aspera Faspex information disclosure — Aspera FaspexCWE-200 5.3 Medium2023-09-08
CVE-2023-30995 IBM Aspera Faspex improper access control — Aspera Faspex 7.5 High2023-09-08

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.