Vulnerabilidades en IBM

4759 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2022-43573LOWIBM Robotic Process Automation information disclosureEPSS 0.5%CVE-2021-29792MEDIUMIBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cEPSS 0.5%CVE-2023-40376MEDIUMIBM UrbanCode Deploy (UCD) improper authentication controlsEPSS 0.5%CVE-2026-11806HIGHIBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerabilityEPSS 0.5%CVE-2017-1783IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IEPSS 0.5%CVE-2021-39022MEDIUMIBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does EPSS 0.5%CVE-2025-36184HIGHIBM Db2 Privilege EscalationEPSS 0.5%CVE-2022-41296MEDIUMIBM Db2U cross-site respect forgeryEPSS 0.5%CVE-2023-27283MEDIUMIBM Aspera Orchestrator information disclosureEPSS 0.5%CVE-2020-5000MEDIUMIBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrEPSS 0.5%CVE-2023-28958HIGHIBM Watson Knowledge Catalog CSV injectionEPSS 0.5%CVE-2021-39020LOWIBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosureEPSS 0.5%CVE-2023-38362MEDIUMIBM CICS TX information disclosureEPSS 0.5%CVE-2025-33117CRITICALIBM QRadar SIEM command executionEPSS 0.5%CVE-2024-56477MEDIUMIBM Power Hardware Management Console directory traversalEPSS 0.5%CVE-2026-6543HIGHAuthenticated Remote Code Execution Vulnerability in Langflow Code Validation EndpointEPSS 0.5%CVE-2021-29738MEDIUMIBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may alEPSS 0.5%CVE-2021-20421MEDIUMIBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticaEPSS 0.5%CVE-2018-1780HIGHIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtainEPSS 0.5%CVE-2021-38871MEDIUMIBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed aEPSS 0.5%