Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 catalogued CVEs, IBM's portfolio has accumulated a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in CISA's KEV catalog, or 0.11% of the total) is below the catalog-wide average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities emerged in the last 90 days, indicating a significant pace of recent discovery. The most recurrent weakness type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2023-45193 | MEDIUM | IBM Db2 denial of service | EPSS 0.8%
CVE-2020-4614 | LOW | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive info | EPSS 0.8%
CVE-2017-1396 | MEDIUM | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that | EPSS 0.8%
CVE-2023-47161 | MEDIUM | IBM UrbanCode Deploy denial of service | EPSS 0.8%
CVE-2021-29726 | MEDIUM | IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually | EPSS 0.8%
CVE-2021-39023 | LOW | IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical e | EPSS 0.8%
CVE-2020-4649 | MEDIUM | IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM | EPSS 0.8%
CVE-2020-4674 | MEDIUM | IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | EPSS 0.8%
CVE-2020-4673 | MEDIUM | IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force | EPSS 0.8%
CVE-2020-4484 | MEDIUM | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could b | EPSS 0.8%
CVE-2020-4667 | MEDIUM | IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper | EPSS 0.8%
CVE-2020-4849 | MEDIUM | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a | EPSS 0.8%
CVE-2017-1494 | IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i | EPSS 0.8%
CVE-2019-4636 | LOW | IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: | EPSS 0.8%
CVE-2019-4705 | LOW | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to | EPSS 0.8%
CVE-2019-4706 | LOW | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable g | EPSS 0.8%
CVE-2017-1352 | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by anot | EPSS 0.8%
CVE-2023-38741 | HIGH | IBM TXSeries for Multiplatforms denial of service | EPSS 0.8%
CVE-2020-4732 | MEDIUM | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security r | EPSS 0.8%
CVE-2017-1195 | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect | EPSS 0.8%