Vulnerabilities in IBM

4,759 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2019-4606HIGHIBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an EPSS 0.4%CVE-2024-31912HIGHIBM MQ privilege escalationEPSS 0.4%CVE-2025-36319MEDIUMVulnerabilities found in Watson Data IntelligenceEPSS 0.4%CVE-2024-49781HIGHIBM OpenPages XML external entity injectionEPSS 0.4%CVE-2025-13459LOWIBM Aspera Console Denial of ServiceEPSS 0.4%CVE-2023-30996MEDIUMIBM Cognos Analytics cross-origin resource sharingEPSS 0.4%CVE-2017-1720IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared meEPSS 0.4%CVE-2021-39015MEDIUMIBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows uEPSS 0.4%CVE-2021-39028MEDIUMIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by EPSS 0.4%CVE-2025-36047MEDIUMIBM WebSphere Application Server Liberty denial of serviceEPSS 0.4%CVE-2022-32750MEDIUMIBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to crEPSS 0.4%CVE-2022-31774MEDIUMIBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to crEPSS 0.4%CVE-2021-29790MEDIUMIBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows uEPSS 0.4%CVE-2021-29788MEDIUMIBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows uEPSS 0.4%CVE-2022-34358MEDIUMIBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in thEPSS 0.4%CVE-2021-39035MEDIUMIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to EPSS 0.4%CVE-2026-11906MEDIUMIBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated userEPSS 0.4%CVE-2022-38709MEDIUMIBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows useEPSS 0.4%CVE-2024-39751MEDIUMIBM InfoSphere Information Server information disclosureEPSS 0.4%CVE-2020-4258HIGHIBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruptioEPSS 0.4%