Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IBM — Vulnerabilities & Security Advisories 4629

Browse all 4629 CVE security advisories affecting IBM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IBM operates as a multinational technology and consulting corporation, primarily providing enterprise software, hybrid cloud services, and artificial intelligence solutions. Its extensive portfolio, including the Red Hat OpenShift platform and Watson AI suite, creates a broad attack surface that has historically been associated with Remote Code Execution (RCE) vulnerabilities, particularly within web application frameworks and middleware. Cross-site scripting (XSS) and privilege escalation flaws also frequently appear in its legacy enterprise applications and containerized environments. While the company maintains robust security protocols, past incidents have included data breaches affecting customer information and supply chain compromises. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity and scale of its global infrastructure rather than inherent systemic failure, though it necessitates rigorous patch management and continuous monitoring for enterprise clients relying on its diverse technological stack.

Found 43 results / 4629Clear Filters
Top products by IBM: DB2 for Linux, UNIX and Windows InfoSphere Information Server Sterling B2B Integrator WebSphere Application Server Security Guardium QRadar SIEM Cognos Analytics MQ Maximo Asset Management API Connect Rational Quality Manager Rational Collaborative Lifecycle Management Security Key Lifecycle Manager i AIX Spectrum Protect Plus Robotic Process Automation Spectrum Scale UrbanCode Deploy Cognos Controller Aspera Faspex Sterling File Gateway Rational DOORS Next Generation Security Identity Governance and Intelligence Cloud Pak for Security Cloud Pak System Concert Financial Transaction Manager Content Navigator Jazz Reporting Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-36326 IBM Controller information disclosure — Cognos ControllerCWE-321 3.7 Low2025-09-26
CVE-2022-39163 IBM Cognos Controller HTTP response smuggling — Cognos ControllerCWE-444 4.7 Medium2025-03-26
CVE-2023-47160 IBM Cognos Controller XML external entity injection — Cognos ControllerCWE-611 8.2 High2025-02-19
CVE-2024-28777 IBM Cognos Controller code execution — Cognos ControllerCWE-502 8.8 High2025-02-19
CVE-2024-28776 IBM Cognos Controller cross-site scripting — Cognos ControllerCWE-79 5.4 Medium2025-02-19
CVE-2024-28780 IBM Cognos Controller information disclosure — Cognos ControllerCWE-327 5.9 Medium2025-02-19
CVE-2024-45081 IBM Cognos Controller incorrect authorization — Cognos ControllerCWE-863 6.5 Medium2025-02-19
CVE-2024-45084 IBM Cognos Controller CSV injection — Cognos ControllerCWE-1236 8.0 High2025-02-19
CVE-2024-52902 IBM Cognos Controller information disclosure — Cognos ControllerCWE-798 8.8 High2025-02-19
CVE-2024-41775 IBM Cognos Controller information disclosure — Cognos ControllerCWE-327 5.9 Medium2024-12-03
CVE-2024-25020 IBM Cognos Controller file upload — Cognos ControllerCWE-434 5.5 Medium2024-12-03
CVE-2024-41776 IBM Cognos Controller cross-site request forgery — Cognos ControllerCWE-352 6.5 Medium2024-12-03
CVE-2024-41777 IBM Cognos Controller hard coded credentials — Cognos ControllerCWE-798 7.5 High2024-12-03
CVE-2024-45676 IBM Cognos Controller file upload — Cognos ControllerCWE-351 4.3 Medium2024-12-03
CVE-2024-25036 IBM Cognos Controller authentication bypass — Cognos ControllerCWE-288 4.3 Medium2024-12-03
CVE-2024-25035 IBM Cognos Controller information disclosure — Cognos ControllerCWE-497 5.3 Medium2024-12-03
CVE-2024-40691 IBM Cognos Controller file upload — Cognos ControllerCWE-434 8.0 High2024-12-03
CVE-2024-25019 IBM Cognos Controller file upload — Cognos ControllerCWE-434 5.5 Medium2024-12-03
CVE-2021-29892 IBM Cognos Controller information disclosure — Cognos ControllerCWE-319 5.9 Medium2024-12-03
CVE-2023-40695 IBM Cognos Controller session fixation — Cognos ControllerCWE-613 6.3 Medium2024-05-03
CVE-2021-20451 IBM Cognos Controller SQL injection — Cognos ControllerCWE-89 6.0 Medium2024-05-03
CVE-2022-22364 IBM Cognos Controller security bypass — Cognos ControllerCWE-350 5.3 Medium2024-05-03
CVE-2023-28952 IBM Cognos Controller log injection — Cognos ControllerCWE-117 5.3 Medium2024-05-03
CVE-2023-38724 IBM Cognos Controller SQL injection — Cognos ControllerCWE-89 6.3 Medium2024-05-03
CVE-2023-40696 IBM Cognos Controller information disclosure — Cognos ControllerCWE-327 5.9 Medium2024-05-03
CVE-2021-20556 IBM Cognos Controller information disclosure — Cognos ControllerCWE-204 5.3 Medium2024-05-03
CVE-2023-23474 IBM Cognos Controller information disclosure — Cognos ControllerCWE-209 3.7 Low2024-05-03
CVE-2021-20450 IBM Cognos Controller information disclosure — Cognos Controller 4.3 Medium2024-05-03
CVE-2020-4874 IBM Cognos Controller information disclosure — Cognos ControllerCWE-327 5.9 Medium2024-05-03
CVE-2020-4879 IBM Cognos Controller 授权问题漏洞 — Cognos Controller 6.5 -2022-01-21

This page lists every published CVE security advisory associated with IBM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.