Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-2534MEDIUMIBM Db2 denial of serviceEPSS 0.3%CVE-2023-50315MEDIUMIBM WebSphere Application Server information disclosureEPSS 0.3%CVE-2021-20575MEDIUMIBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.EPSS 0.3%CVE-2026-4870HIGHQiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.EPSS 0.3%CVE-2024-54176MEDIUMIBM UrbanCode Deploy missing authenticationEPSS 0.3%CVE-2021-29827MEDIUMIBM InfoSphere Information Server clickjackingEPSS 0.3%CVE-2025-36090MEDIUMIBM Analytics Content Hub information disclosureEPSS 0.3%CVE-2021-20536MEDIUMIBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by aEPSS 0.3%CVE-2022-35286LOWIBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious EPSS 0.3%CVE-2024-43189MEDIUMIBM Concert Software information disclosureEPSS 0.3%CVE-2020-4951MEDIUMIBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive informatiEPSS 0.3%CVE-2025-33079MEDIUMIBM Controller information disclosureEPSS 0.3%CVE-2024-52905LOWIBM Sterling B2B Integrator information disclosureEPSS 0.3%CVE-2024-54179MEDIUMIBM Business Automation Workflow cross-site scriptingEPSS 0.3%CVE-2021-20546MEDIUMIBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A lEPSS 0.3%CVE-2024-49783MEDIUMIBM OpenPages with Watson information disclosureEPSS 0.3%CVE-2022-43916MEDIUMIBM App Connect Enterprise Certified Container improper communications restrictionEPSS 0.3%CVE-2018-1621MEDIUMIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused byEPSS 0.3%CVE-2024-56338MEDIUMIBM Sterling B2B Integrator cross-site scriptingEPSS 0.3%CVE-2023-26289MEDIUMIBM Aspera Orchestrator HTTP header injectionEPSS 0.3%