Vulnerabilidades en IBM

4759 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2021-38915MEDIUMIBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.EPSS 0.5%CVE-2024-28778MEDIUMIBM Cognos Controller information disclosureEPSS 0.5%CVE-2024-40697HIGHIBM Common Licensing information disclosureEPSS 0.5%CVE-2026-9170CRITICALIBM HTTP Server is affected by multiple vulnerabilitiesEPSS 0.5%CVE-2021-29863MEDIUMIBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorizEPSS 0.5%CVE-2025-0160HIGHIBM FlashSystem code executionEPSS 0.5%CVE-2019-4427MEDIUMIBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorEPSS 0.5%CVE-2023-38263MEDIUMIBM SOAR QRadar Plugin App improper access controlsEPSS 0.5%CVE-2024-22344MEDIUMIBM TXSeries for Multiplatforms information disclosureEPSS 0.5%CVE-2021-20524MEDIUMIBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScripEPSS 0.5%CVE-2025-36004HIGHIBM i privilege escalationEPSS 0.5%CVE-2026-9330HIGHIBM WebSphere Application Server is affected by remote code executionEPSS 0.5%CVE-2022-34310MEDIUMIBM CICS TX information disclosureEPSS 0.5%CVE-2022-34320MEDIUMIBM CICS TX information disclosureEPSS 0.5%CVE-2022-34309MEDIUMIBM CICS TX information disclosureEPSS 0.5%CVE-2021-39057MEDIUMIBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attEPSS 0.5%CVE-2024-40681HIGHIBM MQ security bypassEPSS 0.5%CVE-2025-3355HIGHIBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operationsEPSS 0.5%CVE-2023-25687MEDIUMIBM Security Key Lifecycle Manager information disclosureEPSS 0.5%CVE-2020-4199MEDIUMIBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorEPSS 0.5%