Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 CVEs catalogued, IBM's portfolio carries a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in the CISA KEV catalog, or 0.11% of the total) is below the catalog-wide average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that call for continued attention to development practices and input validation.

CVE-2021-20497 | MEDIUM | IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly s | EPSS 0.7%
CVE-2021-20360 | MEDIUM | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensiti | EPSS 0.7%
CVE-2022-31772 | MEDIUM | IBM MQ denial of service | EPSS 0.7%
CVE-2021-20566 | MEDIUM | IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informa | EPSS 0.7%
CVE-2022-43919 | MEDIUM | IBM MQ denial of service | EPSS 0.7%
CVE-2021-20419 | MEDIUM | IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive infor | EPSS 0.7%
CVE-2021-20337 | MEDIUM | IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker | EPSS 0.7%
CVE-2023-27279 | MEDIUM | IBM Aspera Faspex denial of service | EPSS 0.7%
CVE-2020-4578 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi | EPSS 0.7%
CVE-2019-4270 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users | EPSS 0.7%
CVE-2020-4653 | MEDIUM | IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim | EPSS 0.7%
CVE-2019-4595 | MEDIUM | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an ope | EPSS 0.7%
CVE-2020-4619 | MEDIUM | IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID | EPSS 0.7%
CVE-2018-1704 | MEDIUM | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing | EPSS 0.7%
CVE-2021-39019 | MEDIUM | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information throug | EPSS 0.7%
CVE-2023-38370 | HIGH | IBM Security Access Manager Docker information disclosure | EPSS 0.7%
CVE-2023-24971 | HIGH | IBM B2B Advanced Communication denial of service | EPSS 0.7%
CVE-2021-29701 | MEDIUM | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticate | EPSS 0.7%
CVE-2021-29761 | MEDIUM | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from | EPSS 0.7%
CVE-2021-20563 | MEDIUM | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a speci | EPSS 0.7%