Vulnerabilities in IBM

4,759 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-50324MEDIUMIBM Cognos Command Center information disclosureEPSS 0.4%CVE-2022-34307MEDIUMIBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie valueEPSS 0.4%CVE-2021-20378MEDIUMIBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to iEPSS 0.4%CVE-2018-1934MEDIUMIBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and uEPSS 0.4%CVE-2024-51453MEDIUMIBM Sterling Secure Proxy directory traversalEPSS 0.4%CVE-2022-33162HIGHIBM Directory Server buffer overflowEPSS 0.4%CVE-2024-35143MEDIUMIBM Planning Analytics Local missing authenticationEPSS 0.4%CVE-2022-22334MEDIUMIBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not haEPSS 0.4%CVE-2023-33852HIGHIBM Security Guardium SQL injectionEPSS 0.4%CVE-2022-33161MEDIUMIBM Security Directory Server information disclosureEPSS 0.4%CVE-2019-4702MEDIUMIBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resourcEPSS 0.4%CVE-2018-1799MEDIUMIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwriEPSS 0.4%CVE-2023-23474LOWIBM Cognos Controller information disclosureEPSS 0.4%CVE-2022-38708MEDIUMIBM Cognos Analytics server-side request forgeryEPSS 0.4%CVE-2024-41739HIGHIBM Cognos Dashboards on Cloud Pak for Data privilege escalationEPSS 0.4%CVE-2023-38361MEDIUMIBM CICS TX Advanced information disclosureEPSS 0.4%CVE-2022-33167LOWIBM Security Directory Integrator information disclosureEPSS 0.4%CVE-2018-1655MEDIUMIBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 1447EPSS 0.4%CVE-2022-43845LOWIBM Aspera Console information disclosureEPSS 0.4%CVE-2020-4917MEDIUMIBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actEPSS 0.4%