Vulnerabilities in IBM

4,759 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2020-4697MEDIUMIBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in tEPSS 0.6%CVE-2025-0823MEDIUMIBM MQ path traversalEPSS 0.6%CVE-2024-35136MEDIUMIBM Db2 denial of serviceEPSS 0.6%CVE-2024-31882MEDIUMIBM Db2 denial of serviceEPSS 0.6%CVE-2022-22365MEDIUMIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spooEPSS 0.6%CVE-2020-4617HIGHIBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthEPSS 0.6%CVE-2023-33857MEDIUMIBM InfoSphere Information Server information disclosureEPSS 0.6%CVE-2022-34163MEDIUMIBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attEPSS 0.6%CVE-2017-1682IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScEPSS 0.6%CVE-2017-1790IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allowEPSS 0.6%CVE-2018-1382IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the WebEPSS 0.6%CVE-2024-37529MEDIUMIBM Db2 denial of serviceEPSS 0.5%CVE-2024-31916HIGHIBM OpenBMC information disclosureEPSS 0.5%CVE-2022-43920MEDIUMIBM Sterling B2B Integrator Standard Edition privilege escalationEPSS 0.5%CVE-2022-22401MEDIUMIBM Aspera Faspex information disclosureEPSS 0.5%CVE-2023-50959MEDIUMIBM Cloud Pak for Business Automation information disclosureEPSS 0.5%CVE-2023-28512MEDIUMIBM Watson CP4D Data Stores improper input validationEPSS 0.5%CVE-2021-39018MEDIUMIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL erroEPSS 0.5%CVE-2024-45076CRITICALIBM webMethods Integration code executionEPSS 0.5%CVE-2019-4212MEDIUMIBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized EPSS 0.5%