Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 CVEs catalogued, IBM's portfolio has accumulated a significant volume of vulnerabilities, although its active exploitation rate (5 entries in the CISA KEV catalog, representing 0.11% of the total) is below the catalog's overall average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially considering that 129 new vulnerabilities emerged in the last 90 days, indicating a notable pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2018-1509 [LOW] IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spo (EPSS 0.9%)
CVE-2022-36769 [HIGH] IBM Cloud Pak for Data file upload (EPSS 0.9%)
CVE-2022-22353 [MEDIUM] IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtai (EPSS 0.9%)
CVE-2023-35895 [MEDIUM] IBM Informix JDBC code execution (EPSS 0.9%)
CVE-2019-4056 [MEDIUM] IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious fi (EPSS 0.9%)
CVE-2021-38905 [MEDIUM] IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. (EPSS 0.9%)
CVE-2021-29700 [MEDIUM] IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information f (EPSS 0.9%)
CVE-2017-1292 IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attac (EPSS 0.9%)
CVE-2022-35639 [HIGH] IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to bec (EPSS 0.9%)
CVE-2021-39041 [LOW] IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specif (EPSS 0.9%)
CVE-2026-10109 [CRITICAL] IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (EPSS 0.9%)
CVE-2023-32330 [HIGH] IBM Security Verify Access man in the middle (EPSS 0.9%)
CVE-2020-4490 [MEDIUM] IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass secur (EPSS 0.9%)
CVE-2023-27554 [MEDIUM] IBM WebSphere Application Server XML external entity injection (EPSS 0.9%)
CVE-2024-56347 [CRITICAL] IBM AIX command execution (EPSS 0.9%)
CVE-2022-41731 [HIGH] IBM Watson Knowledge Catalog on Cloud Pak SQL injection (EPSS 0.9%)
CVE-2021-38978 [MEDIUM] IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failu (EPSS 0.9%)
CVE-2020-4482 [MEDIUM] IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access t (EPSS 0.9%)
CVE-2023-33850 [HIGH] IBM GSKit-Crypto information disclosure (EPSS 0.9%)
CVE-2022-32757 [HIGH] IBM Security Directory Suite VA information disclosure (EPSS 0.9%)