Vulnerabilities in IBM

4,759 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2020-4668MEDIUMIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site requeEPSS 0.4%CVE-2023-47726HIGHIBM QRadar Suite improper input validationEPSS 0.4%CVE-2023-40684MEDIUMIBM Content Navigator cross-site scriptingEPSS 0.4%CVE-2017-1422IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose seEPSS 0.4%CVE-2019-4654LOWIBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusteEPSS 0.4%CVE-2020-4996MEDIUMIBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenEPSS 0.4%CVE-2023-28529MEDIUMIBM InfoSphere Information Server 11.7EPSS 0.4%CVE-2024-40706MEDIUMIBM InfoSphere Information Server information disclosureEPSS 0.4%CVE-2025-36328MEDIUMError Message Containing Sensitive Information found in Watson Data IntelligenceEPSS 0.4%CVE-2017-1787MEDIUMIBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to EPSS 0.4%CVE-2021-29742HIGHIBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.EPSS 0.4%CVE-2023-35018LOWIBM Security Verify Governance file uploadEPSS 0.4%CVE-2022-22387MEDIUMIBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the WebEPSS 0.4%CVE-2024-49338MEDIUMIBM App Connect Enterprise information disclosureEPSS 0.4%CVE-2021-20450MEDIUMIBM Cognos Controller information disclosureEPSS 0.4%CVE-2022-35646MEDIUMIBM Security Verify Governance, Identity Manager security bypassEPSS 0.4%CVE-2024-39725MEDIUMIBM Engineering Lifecycle Optimization - Engineering Insights information disclosureEPSS 0.4%CVE-2019-4265LOWIBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive iEPSS 0.4%CVE-2020-4799HIGHIBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBEPSS 0.4%CVE-2024-39736MEDIUMIBM Datacap Navigator HTTP HOST header injectionEPSS 0.4%