IBM — Vulnerabilities & Security Advisories (4629)

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Found 95 results / 4629
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-52900 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 6.4 | Medium | 2025-06-28 |
| CVE-2025-0923 | IBM Cognos Analytics information disclosure — Cognos Analytics | CWE-540 | 5.3 | Medium | 2025-06-11 |
| CVE-2025-0917 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 5.5 | Medium | 2025-06-11 |
| CVE-2025-25032 | IBM Cognos Analytics denial of service — Cognos Analytics | CWE-770 | 7.5 | High | 2025-06-11 |
| CVE-2024-56340 | IBM Cognos Analytics path traversal — Cognos Analytics | CWE-23 | 6.5 | Medium | 2025-02-28 |
| CVE-2025-0823 | IBM MQ path traversal — Cognos Analytics | CWE-22 | 6.5 | Medium | 2025-02-28 |
| CVE-2024-49352 | IBM Cognos Analytics XML external entity injection — Cognos Analytics | CWE-611 | 7.1 | High | 2025-02-05 |
| CVE-2024-40695 | IBM Cognos Analytics file upload — Cognos Analytics | CWE-434 | 8.0 | High | 2024-12-20 |
| CVE-2024-51466 | IBM Cognos Analytics expression language injection — Cognos Analytics | CWE-917 | 9.0 | Critical | 2024-12-20 |
| CVE-2024-25042 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 5.4 | Medium | 2024-12-18 |
| CVE-2024-45082 | IBM Cognos Analytics HTTP open redirection — Cognos Analytics | CWE-601 | 6.8 | Medium | 2024-12-18 |
| CVE-2024-41752 | IBM Cognos Analytics HTML injection — Cognos Analytics | CWE-80 | 5.4 | Medium | 2024-12-18 |
| CVE-2024-40703 | IBM Cognos Analytics information disclosure — Cognos Analytics | CWE-522 | 5.5 | Medium | 2024-09-22 |
| CVE-2024-25041 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 5.4 | Medium | 2024-06-28 |
| CVE-2024-25053 | IBM Cognos Analytics improper certificate validation — Cognos Analytics | CWE-295 | 5.9 | Medium | 2024-06-28 |
| CVE-2024-25047 | IBM Cognos Analytics log injection — Cognos Analytics | CWE-117 | 8.6 | High | 2024-05-02 |
| CVE-2023-43051 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 5.4 | Medium | 2024-02-24 |
| CVE-2022-34357 | IBM Cognos Analytics Mobile Server denial of service — Cognos Analytics | CWE-770 | 6.5 | Medium | 2024-02-24 |
| CVE-2023-30996 | IBM Cognos Analytics cross-origin resource sharing — Cognos Analytics | CWE-346 | 5.3 | Medium | 2024-02-24 |
| CVE-2023-32344 | IBM Cognos Analytics cross-site request forgery — Cognos Analytics | CWE-352 | 4.3 | Medium | 2024-02-24 |
| CVE-2023-38359 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 6.1 | Medium | 2024-02-24 |
| CVE-2023-35011 | IBM Cognos Analytics server-side request forgery — Cognos Analytics | CWE-918 | 5.4 | Medium | 2023-08-16 |
| CVE-2023-35009 | IBM Cognos Analytics information disclosure — Cognos Analytics | CWE-209 | 5.3 | Medium | 2023-08-16 |
| CVE-2023-28530 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 5.4 | Medium | 2023-07-22 |
| CVE-2023-25929 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 4.6 | Medium | 2023-07-22 |
| CVE-2021-39036 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 6.1 | Medium | 2023-05-12 |
| CVE-2022-39160 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | CWE-79 | 6.1 | Medium | 2022-12-19 |
| CVE-2022-43883 | IBM Cognos Analytics data manipulation — Cognos Analytics | | 6.5 | Medium | 2022-12-19 |
| CVE-2022-43887 | IBM Cognos Analytics information disclosure — Cognos Analytics | CWE-532 | 5.3 | Medium | 2022-12-19 |
| CVE-2022-38708 | IBM Cognos Analytics server-side request forgery — Cognos Analytics | CWE-918 | 6.5 | Medium | 2022-12-19 |

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.