Vulnerabilidades en IBM

4759 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2019-4160MEDIUMIBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decryEPSS 0.6%CVE-2023-32328HIGHIBM Security Verify Access information disclosureEPSS 0.6%CVE-2023-47152MEDIUMIBM Db2 information disclosureEPSS 0.6%CVE-2024-41765MEDIUMIBM Engineering Lifecycle Optimization - Publishing directory traversalEPSS 0.6%CVE-2022-22333MEDIUMIBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, duEPSS 0.6%CVE-2017-1459IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resouEPSS 0.6%CVE-2020-4496MEDIUMThe IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a manEPSS 0.6%CVE-2023-43058MEDIUMIBM Robotic Process Automation privilege escalationEPSS 0.6%CVE-2021-38973LOWIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that theEPSS 0.6%CVE-2019-4676MEDIUMIBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM EPSS 0.6%CVE-2024-47113HIGHIBM ICP - Voice Gateway XML injectionEPSS 0.6%CVE-2021-29844MEDIUMIBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorEPSS 0.6%CVE-2024-22318MEDIUMIBM i Access Client Solutions information disclosureEPSS 0.6%CVE-2023-27863MEDIUMIBM Spectrum Protect Plus Server information disclosureEPSS 0.6%CVE-2021-39074MEDIUMIBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the EPSS 0.6%CVE-2023-42015MEDIUMIBM UrbanCode Deploy HTML injectionEPSS 0.6%CVE-2023-29267MEDIUMIBM Db2 denial of serviceEPSS 0.6%CVE-2024-28762MEDIUMIBM Db2 denial of serviceEPSS 0.6%CVE-2020-4152MEDIUMIBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can bEPSS 0.6%CVE-2023-38363MEDIUMIBM CICS TX information disclosureEPSS 0.6%