Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-32344MEDIUMIBM Cognos Analytics cross-site request forgeryEPSS 0.4%CVE-2018-1409IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting EPSS 0.4%CVE-2026-8850HIGHIBM HTTP Server is affected by multiple vulnerabilitiesEPSS 0.4%CVE-2020-4230MEDIUMIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authentiEPSS 0.4%CVE-2018-1411IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting EPSS 0.4%CVE-2019-4686LOWIBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers EPSS 0.4%CVE-2022-22416MEDIUMIBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow EPSS 0.4%CVE-2023-38020MEDIUMIBM SOAR QRadar Plugin App log injectionEPSS 0.4%CVE-2018-1841MEDIUMIBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-ForcEPSS 0.4%CVE-2023-35011MEDIUMIBM Cognos Analytics server-side request forgeyEPSS 0.4%CVE-2023-33849LOWIBM CICS TX information disclosureEPSS 0.4%CVE-2018-1664MEDIUMIBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.EPSS 0.4%CVE-2017-1439IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance ownerEPSS 0.4%CVE-2017-1438IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance ownerEPSS 0.4%CVE-2022-32759MEDIUMIBM Security Directory Server information disclosureEPSS 0.4%CVE-2017-1381IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitEPSS 0.4%CVE-2021-20580MEDIUMIBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and uEPSS 0.4%CVE-2024-25034HIGHIBM Planning Analytics file uploadEPSS 0.4%CVE-2024-52895MEDIUMIBM i denial of serviceEPSS 0.4%CVE-2018-1431HIGHA vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain controEPSS 0.4%