Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 catalogued CVEs, IBM's portfolio carries a substantial volume of vulnerabilities, but its rate of confirmed active exploitation is low: 5 entries in CISA's KEV catalog, or 0.11% of the total, against a catalog-wide average of 0.45%, which suggests proportionally less in-the-wild exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 (EPSS estimates the probability of exploitation activity within the next 30 days) indicates an extremely high likelihood of exploitation and makes it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete attack surface, especially given that 129 new vulnerabilities appeared in the last 90 days, a significant pace of recent discovery. The most recurrent weakness type, CWE-79 (Cross-Site Scripting), points to persistent flaws in the presentation layer that call for continued attention to secure development practices, input validation and output encoding.
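The prioritization logic sketched above (observed exploitation via KEV first, then EPSS, then severity, public PoC and recency) can be made explicit. The following is an added example written for this page, not Vexday's code or scoring model. The tier cut-offs, the EPSS threshold, and the sample records' KEV membership, PoC flags, ages and the severity assigned to CVE-2022-47986 are assumptions constructed for illustration; the CVE IDs, listed severities and EPSS values come from this page.

```python
# Added example, not Vexday's code: a small triage routine that orders a
# vendor's CVEs by the signals the analysis above leans on (CISA KEV
# membership first, then EPSS, then severity, public PoC and recency), and
# reproduces the 0.11% KEV-rate figure. Thresholds and sample records are
# assumptions constructed for illustration.
from dataclasses import dataclass
from typing import List, Sequence


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    severity: str                 # CRITICAL / HIGH / MEDIUM / LOW, or "" when the listing omits it
    epss: float                   # EPSS: estimated probability of exploitation activity in the next 30 days
    in_kev: bool = False          # listed in CISA's Known Exploited Vulnerabilities catalog
    public_poc: bool = False      # a public proof of concept exists
    days_since_publication: int = 365


SEVERITY_WEIGHT = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1, "LOW": 0, "": 0}

# Assumed cut-off: EPSS at or above this is treated as "exploitation expected"
# even without a KEV entry. 0.5 is an illustrative value, not a standard.
EPSS_URGENT = 0.5


def tier(rec: CveRecord) -> int:
    """Lower tier = fix sooner. Observed exploitation (KEV) beats any prediction."""
    if rec.in_kev:
        return 0
    if rec.epss >= EPSS_URGENT:
        return 1
    if rec.public_poc and rec.severity in ("CRITICAL", "HIGH"):
        return 2
    if rec.severity == "CRITICAL":
        return 3
    return 4


def sort_key(rec: CveRecord):
    # Within a tier: higher EPSS first, then higher severity, then newest first.
    return (tier(rec), -rec.epss, -SEVERITY_WEIGHT.get(rec.severity, 0), rec.days_since_publication)


def prioritize(records: Sequence[CveRecord]) -> List[CveRecord]:
    return sorted(records, key=sort_key)


def kev_rate_percent(kev_entries: int, total_cves: int) -> float:
    """Share of a vendor's CVEs that appear in KEV, in percent (5 of 4716 -> 0.11)."""
    return round(100.0 * kev_entries / total_cves, 2)


# Constructed sample built from the IDs, severities and EPSS values on this page.
# KEV membership, PoC availability, ages and CVE-2022-47986's severity are
# assumptions for the example, not data from the listing.
SAMPLE_RECORDS = [
    CveRecord("CVE-2020-4592", "MEDIUM", 0.008, days_since_publication=1500),
    CveRecord("CVE-2024-49803", "CRITICAL", 0.008, days_since_publication=60),
    CveRecord("CVE-2022-47986", "CRITICAL", 0.9997, in_kev=True, public_poc=True, days_since_publication=900),
    CveRecord("CVE-2024-52899", "HIGH", 0.008, public_poc=True, days_since_publication=30),
    CveRecord("CVE-2022-30616", "HIGH", 0.008, days_since_publication=800),
    CveRecord("CVE-2017-1549", "", 0.008, days_since_publication=2800),
    CveRecord("CVE-2020-4233", "LOW", 0.008, days_since_publication=1700),
]


if __name__ == "__main__":
    for rec in prioritize(SAMPLE_RECORDS):
        print(f"tier {tier(rec)}  {rec.cve_id:<15} {rec.severity or '-':<9} EPSS {rec.epss:.4f}")
    print(f"KEV rate: {kev_rate_percent(5, 4716)}% of 4716 CVEs (catalog-wide average 0.45%)")
```

The ordering puts KEV entries ahead of everything else because KEV records exploitation that has actually been observed, whereas EPSS is a prediction; a HIGH with a public PoC is ranked above a CRITICAL without one, since a working exploit changes the practical likelihood more than one CVSS band does. Tune EPSS_URGENT and the tier rules to your own remediation SLAs.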

Listed CVEs (severity and EPSS as shown in the listing; descriptions are truncated as on the page):

CVE-2020-4592 (MEDIUM, EPSS 0.8%): IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to a…
CVE-2021-29753 (MEDIUM, EPSS 0.8%): IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credential…
CVE-2017-1549 (severity not listed, EPSS 0.8%): IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t…
CVE-2021-38887 (MEDIUM, EPSS 0.8%): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests…
CVE-2023-50308 (MEDIUM, EPSS 0.8%): IBM Db2 denial of service
CVE-2021-20375 (MEDIUM, EPSS 0.8%): IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user…
CVE-2022-30616 (HIGH, EPSS 0.8%): IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator…
CVE-2020-4695 (MEDIUM, EPSS 0.8%): IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure commun…
CVE-2024-52899 (HIGH, EPSS 0.8%): IBM Data Virtualization Manager code execution
CVE-2020-4831 (MEDIUM, EPSS 0.8%): IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt h…
CVE-2021-39017 (MEDIUM, EPSS 0.8%): IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary…
CVE-2019-4555 (MEDIUM, EPSS 0.8%): IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2022-43740 (HIGH, EPSS 0.8%): IBM Security Verify Access denial of service
CVE-2022-22363 (MEDIUM, EPSS 0.8%): IBM Cognos Controller information disclosure
CVE-2021-29872 (MEDIUM, EPSS 0.8%): IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by impr…
CVE-2024-49803 (CRITICAL, EPSS 0.8%): IBM Security Verify Access Appliance command execution
CVE-2016-0354 (severity not listed, EPSS 0.8%): IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room…
CVE-2020-4233 (LOW, EPSS 0.8%): IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure…
CVE-2021-29845 (MEDIUM, EPSS 0.8%): IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X…
CVE-2019-6155 (MEDIUM, EPSS 0.8%): A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems th…