Vulnerabilities in IBM

4,761 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-35024MEDIUMIBM Cloud Pak for Business Automation cross-site scriptingEPSS 0.4%CVE-2024-25051MEDIUMIBM Jazz Reporting Service insufficient session expirationEPSS 0.4%CVE-2018-1505MEDIUMIBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force EPSS 0.4%CVE-2018-1568MEDIUMIBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.EPSS 0.4%CVE-2024-45098MEDIUMIBM Aspera Faspex bypass securityEPSS 0.4%CVE-2024-45659MEDIUMIBM Security Verify Access information disclosureEPSS 0.4%CVE-2018-1992MEDIUMThe IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware imageEPSS 0.4%CVE-2024-37532HIGHIBM WebSphere Application Server identity spoofingEPSS 0.4%CVE-2019-4620HIGHIBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment vEPSS 0.4%CVE-2020-4928MEDIUMIBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the fiEPSS 0.4%CVE-2019-4259MEDIUMA security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that EPSS 0.4%CVE-2019-4145HIGHIBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used EPSS 0.4%CVE-2024-35160MEDIUMIBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosureEPSS 0.4%CVE-2025-33122HIGHIBM i privilege escalationEPSS 0.4%CVE-2025-36222HIGHIBM Fusion insecure default configurationEPSS 0.4%CVE-2019-4691MEDIUMIBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrarEPSS 0.4%CVE-2025-13379HIGHA SQL Injection vulnerability has been addressed in IBM Aspera ConsoleEPSS 0.4%CVE-2019-4381MEDIUMIBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection uEPSS 0.4%CVE-2023-30433MEDIUMIBM Security Verify Access HTTP open redirectEPSS 0.4%CVE-2019-4132MEDIUMIBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 40EPSS 0.4%