Vulnerabilities in IBM

4,761 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-13916MEDIUMMultiple vulnerabilities have been addressed in IBM Aspera SharesEPSS 0.2%CVE-2023-33861MEDIUMIBM Security ReaQta improper certificate validationEPSS 0.2%CVE-2024-22314MEDIUMIBM Storage Defender - Resiliency Service information disclosureEPSS 0.2%CVE-2025-33101MEDIUMMultiple Vulnerabilities in IBM Concert Software.EPSS 0.2%CVE-2024-45643MEDIUMIBM QRadar EDR information disclosureEPSS 0.2%CVE-2022-43850MEDIUMIBM Aspera Console cross-site scriptingEPSS 0.2%CVE-2022-43847MEDIUMIBM Aspera Console HTTP header injectionEPSS 0.2%CVE-2023-42007MEDIUMIBM Sterling Control Center cross-site scriptingEPSS 0.2%CVE-2025-64647MEDIUMMultiple Vulnerabilities in IBM Concert SoftwareEPSS 0.2%CVE-2025-36125MEDIUMIBM Hardware Management Console - Power Systems cross-site scriptingEPSS 0.2%CVE-2026-1272LOWIBM Guardium Data Protection is affected by multiple vulnerabilitiesEPSS 0.2%CVE-2026-10140CRITICALCross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode SubsystemEPSS 0.2%CVE-2026-6542MEDIUMMonitor API allows cross-user read of transaction logs and deletion of build data via flow_idEPSS 0.2%CVE-2024-45091MEDIUMIBM UrbanCode Deploy information disclosureEPSS 0.2%CVE-2023-50305MEDIUMIBM Engineering Requirements Management information disclosureEPSS 0.2%CVE-2020-4591LOWIBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally notEPSS 0.2%CVE-2025-33014MEDIUMIBM Sterling B2B Integrator and IBM Sterling File Gateway link injectionEPSS 0.2%CVE-2024-35138MEDIUMIBM Security Verify Access cross-site request forgeryEPSS 0.2%CVE-2025-66485MEDIUMMultiple vulnerabilities have been addressed in IBM Aspera SharesEPSS 0.2%CVE-2025-36361MEDIUMIBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWAEPSS 0.2%