Vulnerabilities in IBM

4,761 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-2694MEDIUMIBM Sterling B2B Integrator cross-site scriptingEPSS 0.2%CVE-2024-55912MEDIUMIBM Concert Software information disclosureEPSS 0.2%CVE-2025-36139MEDIUMIBM watsonx.data cross-site scriptingEPSS 0.2%CVE-2025-14923MEDIUMIBM WebSphere Application Server Liberty could provide weaker than expected securityEPSS 0.2%CVE-2025-36153MEDIUMIBM Concert Cross-Site ScriptingEPSS 0.2%CVE-2022-22424MEDIUMIBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permiEPSS 0.2%CVE-2020-4932MEDIUMIBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authEPSS 0.2%CVE-2021-20408HIGHIBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage ofEPSS 0.2%CVE-2025-33135MEDIUMIBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilitiesEPSS 0.2%CVE-2020-4884MEDIUMIBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IEPSS 0.2%CVE-2025-36066MEDIUMMultiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.EPSS 0.2%CVE-2024-52898MEDIUMIBM MQ information disclosureEPSS 0.2%CVE-2025-25044MEDIUMIBM Planning Analytics Local cross-site scriptingEPSS 0.2%CVE-2023-45165MEDIUMIBM AIX denial of serviceEPSS 0.2%CVE-2024-31870LOWIBM i information disclosureEPSS 0.2%CVE-2023-43064HIGHIBM i code executionEPSS 0.2%CVE-2024-31890HIGHIBM i privilege escalationEPSS 0.2%CVE-2022-35719MEDIUMIBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local userEPSS 0.2%CVE-2017-1339IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator maEPSS 0.2%CVE-2025-2896MEDIUMIBM Planning Analytics Local cross-site scriptingEPSS 0.2%