Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 CVEs catalogued, IBM's portfolio has accumulated a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in the CISA KEV catalog, representing 0.11% of the total) is below the catalog's overall average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially considering that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention in development practices and input validation.

CVE-2023-38264 | MEDIUM | IBM SDK, Java Technology Edition denial of service | EPSS 0.8%
CVE-2026-8633 | CRITICAL | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins | EPSS 0.8%
CVE-2024-27266 | HIGH | IBM Maximo Application Suite XML external entity injection | EPSS 0.8%
CVE-2020-4503 | MEDIUM | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i | EPSS 0.8%
CVE-2017-1325 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web | EPSS 0.8%
CVE-2018-1944 | MEDIUM | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password | EPSS 0.8%
CVE-2018-1818 | MEDIUM | IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inboun | EPSS 0.8%
CVE-2024-22328 | HIGH | IBM Maximo Application Suite information disclosure | EPSS 0.8%
CVE-2022-22356 | MEDIUM | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and i | EPSS 0.8%
CVE-2023-47706 | MEDIUM | IBM Security Guardium Key Lifecycle Manager file upload | EPSS 0.8%
CVE-2022-35715 | MEDIUM | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message | EPSS 0.8%
CVE-2017-1179 | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sen | EPSS 0.8%
CVE-2018-1466 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, | EPSS 0.8%
CVE-2017-1664 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decryp | EPSS 0.8%
CVE-2017-1256 | IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i | EPSS 0.8%
CVE-2017-1271 | IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm sh | EPSS 0.8%
CVE-2021-20582 | LOW | IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorize | EPSS 0.8%
CVE-2022-22483 | MEDIUM | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unau | EPSS 0.8%
CVE-2022-22441 | MEDIUM | IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a | EPSS 0.8%
CVE-2020-4184 | MEDIUM | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weak | EPSS 0.8%