Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 catalogued CVEs, IBM's portfolio carries a substantial volume of vulnerabilities. Its rate of active exploitation (5 entries in the CISA KEV catalog, or 0.11% of the total) is nevertheless below the overall catalog average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, a notable pace of recent discovery. The most frequent weakness type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that call for continued attention to development practices and input validation.

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2017-1348 | | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J | 0.7% |
| CVE-2016-2975 | | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the | 0.7% |
| CVE-2017-1535 | | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W | 0.7% |
| CVE-2020-4965 | MEDIUM | IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf | 0.7% |
| CVE-2016-9988 | | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi | 0.7% |
| CVE-2016-9987 | | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi | 0.7% |
| CVE-2016-9986 | | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi | 0.7% |
| CVE-2016-9989 | | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi | 0.7% |
| CVE-2017-1096 | | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS | 0.7% |
| CVE-2023-43042 | HIGH | IBM Storage Virtualize information disclosure | 0.7% |
| CVE-2019-4509 | MEDIUM | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obt | 0.7% |
| CVE-2022-32755 | MEDIUM | IBM Security Directory Server external entity injection | 0.7% |
| CVE-2022-41733 | MEDIUM | IBM InfoSphere Information Server denial of service | 0.7% |
| CVE-2023-42013 | MEDIUM | IBM UrbanCode Deploy information disclosure | 0.7% |
| CVE-2020-4654 | LOW | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permissi | 0.7% |
| CVE-2018-1712 | HIGH | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafte | 0.7% |
| CVE-2023-43016 | HIGH | IBM Security Access Manager Container unauthorized access | 0.7% |
| CVE-2023-43021 | MEDIUM | IBM InfoSphere Information Server information disclosure | 0.7% |
| CVE-2016-0356 | | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to | 0.7% |
| CVE-2022-34335 | MEDIUM | IBM Sterling Partner Engagement Manager denial of service | 0.7% |