Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2024-49805CRITICALIBM Security Verify Access Appliance hard coded credentialsEPSS 0.3%CVE-2018-1985MEDIUMIBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a bufEPSS 0.3%CVE-2025-36174HIGHIBM Integrated Analytics System file uploadEPSS 0.3%CVE-2023-50963MEDIUMIBM Storage Defender HTTP HOST header injectionEPSS 0.3%CVE-2026-1267MEDIUMIBM Planning Analytics Information DisclosureEPSS 0.3%CVE-2024-28761MEDIUMIBM App Connect Enterprise HTML injectionEPSS 0.3%CVE-2017-1190IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary codeEPSS 0.3%CVE-2026-8644CRITICALIBM WebSphere Application Server is affected by an identity spoofing vulnerabilityEPSS 0.3%CVE-2022-34334MEDIUMIBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate EPSS 0.3%CVE-2018-1724MEDIUMIBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file EPSS 0.3%CVE-2022-22361MEDIUMIBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 1EPSS 0.3%CVE-2017-1349IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local uEPSS 0.3%CVE-2021-29740HIGHIBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerabiliEPSS 0.3%CVE-2016-5960IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IEPSS 0.3%CVE-2017-1441IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access contEPSS 0.3%CVE-2025-36424MEDIUMIBM Db2 Denial of ServiceEPSS 0.3%CVE-2026-1352MEDIUMIBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined indexEPSS 0.3%CVE-2016-0234MEDIUMIBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out ofEPSS 0.3%CVE-2020-4414MEDIUMIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unEPSS 0.3%CVE-2023-38730MEDIUMIBM Spectrum Copy Data Management information disclosureEPSS 0.3%