Vulnerabilities in IBM

4,761 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-36159MEDIUMIBM Concert Improper Log NeutralizationEPSS 0.1%CVE-2025-1139MEDIUMIBM Edge Application Manager incorrect permissionsEPSS 0.1%CVE-2025-36411LOWMultiple vulnerabilities found in IBM ApplinX.EPSS 0.1%CVE-2025-14115HIGHIBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.EPSS 0.1%CVE-2026-5515MEDIUMIBM App Connect Enterprise is vulnerable to a confidential disclosureEPSS 0.1%CVE-2025-33088HIGHMultiple Vulnerabilities in IBM Concert Software.EPSS 0.1%CVE-2026-6053MEDIUMIBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tablesEPSS 0.1%CVE-2024-45675HIGHIBM Informix Dynamic Server Authentication BypassEPSS 0.1%CVE-2024-45636MEDIUMIBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.EPSS 0.1%CVE-2025-36100MEDIUMIBM MQ information disclosureEPSS 0.1%CVE-2025-36335MEDIUMVulnerabilities foundEPSS 0.1%CVE-2025-12708MEDIUMMultiple Vulnerabilities in IBM Concert SoftwareEPSS 0.1%CVE-2026-4364MEDIUMSecurity Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify AccessEPSS 0.1%CVE-2025-36059MEDIUMMultiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025EPSS 0.1%CVE-2025-33081LOWMultiple Vulnerabilities in IBM Concert Software.EPSS 0.1%CVE-2025-1351MEDIUMIBM Storage Virtualize privilege escalationEPSS 0.1%CVE-2025-36154MEDIUMIBM Concert Software Cleartext Storage in a File or on Disk.EPSS 0.1%CVE-2025-36105MEDIUMIBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerabilityEPSS 0.1%CVE-2023-37396LOWIBM Aspera Faspex information disclosureEPSS 0.1%CVE-2023-37397LOWIBM Aspera Faspex data manipulationEPSS 0.1%