Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2018-1843MEDIUMThe Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange informatioEPSS 0.3%CVE-2023-33840MEDIUMIBM Security Verify Governance cross-site scriptingEPSS 0.3%CVE-2025-36202HIGHIBM webMethods Integration code executionEPSS 0.3%CVE-2019-4465MEDIUMIBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: EPSS 0.3%CVE-2024-43177MEDIUMIBM Concert improper certificate validationEPSS 0.3%CVE-2025-0915MEDIUMIBM Db2 denial of serviceEPSS 0.3%CVE-2025-1000MEDIUMIBM Db2 denial of serviceEPSS 0.3%CVE-2020-4338MEDIUMIBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force IEPSS 0.3%CVE-2023-35888MEDIUMIBM Security Verify Governance information disclosureEPSS 0.3%CVE-2016-6089IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access toEPSS 0.3%CVE-2023-38723MEDIUMMaximo Asset Management cross-site scriptingEPSS 0.3%CVE-2025-1992MEDIUMIBM Db2 denial of serviceEPSS 0.3%CVE-2022-22412MEDIUMIBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a logiEPSS 0.3%CVE-2025-36143MEDIUMIBM watsonx.data command executionEPSS 0.3%CVE-2022-40228LOWIBM DataPower Gateway session fixationEPSS 0.3%CVE-2023-38716MEDIUMIBM Cloud Pak System information disclosureEPSS 0.3%CVE-2023-38714MEDIUMIBM Cloud Pak System information disclosureEPSS 0.3%CVE-2023-35906MEDIUMIBM Aspera Faspex security bypassEPSS 0.3%CVE-2025-36003HIGHIBM Security Verify Governance Identity Manager information disclosureEPSS 0.3%CVE-2023-38713MEDIUMIBM Cloud Pak System information disclosureEPSS 0.3%