Vulnerabilities in IBM

4,759 results
Vexday analysis

With 4,716 CVEs catalogued, IBM's portfolio has accumulated a substantial volume of vulnerabilities, although its active-exploitation rate (5 entries in the CISA KEV catalog, representing 0.11% of the total) is below the catalog's overall average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-4941 | MEDIUM | IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks agai | 0.7% |
| CVE-2021-20376 | MEDIUM | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observa | 0.7% |
| CVE-2024-35116 | MEDIUM | IBM MQ denial of service | 0.7% |
| CVE-2017-1546 | | IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit | 0.7% |
| CVE-2019-4663 | MEDIUM | IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr | 0.7% |
| CVE-2020-4157 | MEDIUM | IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its | 0.7% |
| CVE-2024-39750 | HIGH | IBM Analytics Content Hub buffer overflow | 0.7% |
| CVE-2020-4421 | MEDIUM | IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users ide | 0.7% |
| CVE-2023-40683 | HIGH | IBM OpenPages with Watson privilege escalation | 0.7% |
| CVE-2022-22410 | LOW | IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow the | 0.7% |
| CVE-2017-1493 | | IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper | 0.7% |
| CVE-2022-22449 | MEDIUM | IBM Security Verify Governance, Identity Manager information disclosure | 0.7% |
| CVE-2023-32331 | HIGH | IBM Connect:Express for UNIX denial of service | 0.7% |
| CVE-2019-4571 | MEDIUM | IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the | 0.7% |
| CVE-2023-29256 | MEDIUM | IBM Db2 information disclosure | 0.7% |
| CVE-2023-26270 | MEDIUM | IBM Security Guardium Data Encryption code execution | 0.7% |
| CVE-2023-46159 | LOW | IBM Storage Ceph denial of service | 0.7% |
| CVE-2022-22331 | MEDIUM | IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user deta | 0.7% |
| CVE-2022-22315 | MEDIUM | IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper | 0.7% |
| CVE-2024-45663 | MEDIUM | IBM Db2 denial of service | 0.7% |