Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2019-4385MEDIUMIBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attackerEPSS 0.3%CVE-2019-4093MEDIUMIBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect ClieEPSS 0.3%CVE-2025-1722MEDIUMMultiple Vulnerabilities in IBM Concert SoftwareEPSS 0.3%CVE-2022-46774MEDIUMIBM Manage Application security bypassEPSS 0.3%CVE-2023-27291MEDIUMIBM Watson CP4D Data Stores information disclosureEPSS 0.3%CVE-2024-55895LOWIBM InfoSphere Information Server information disclosureEPSS 0.3%CVE-2024-52367MEDIUMIBM Concert Software information disclosureEPSS 0.3%CVE-2025-66487LOWMultiple vulnerabilities have been addressed in IBM Aspera SharesEPSS 0.3%CVE-2025-1761MEDIUMIBM Concert Software information disclosureEPSS 0.3%CVE-2023-47741MEDIUMIBM i information disclosureEPSS 0.3%CVE-2017-1122IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commEPSS 0.3%CVE-2020-4629LOWIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information froEPSS 0.3%CVE-2018-1782MEDIUMIBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessEPSS 0.3%CVE-2024-45077MEDIUMIBM Maximo Asset Management file uploadEPSS 0.3%CVE-2020-4353MEDIUMIBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricteEPSS 0.3%CVE-2020-4832MEDIUMIBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBEPSS 0.3%CVE-2019-4207MEDIUMIBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in furEPSS 0.3%CVE-2022-22453MEDIUMIBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly EPSS 0.3%CVE-2017-1773IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DEPSS 0.3%CVE-2023-47715MEDIUMIBM Storage Protect Plus Server improper access controlEPSS 0.3%