Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-33837MEDIUMIBM Security Verify Governance information disclosureEPSS 0.3%CVE-2021-38899MEDIUMIBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.EPSS 0.3%CVE-2018-1842LOWIBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. EPSS 0.3%CVE-2024-47109MEDIUMIBM Sterling File Gateway information disclosureEPSS 0.3%CVE-2023-37412MEDIUMIBM Aspera Faspex improper access controlEPSS 0.3%CVE-2024-41752MEDIUMIBM Cognos Analytics HTML injectionEPSS 0.3%CVE-2021-29708MEDIUMIBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow EPSS 0.3%CVE-2021-29741HIGHIBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force EPSS 0.3%CVE-2022-22493LOWIBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribuEPSS 0.3%CVE-2021-29801HIGHIBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBMEPSS 0.3%CVE-2023-50946MEDIUMIBM Common Licensing information disclosureEPSS 0.3%CVE-2021-29759MEDIUMIBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from intEPSS 0.3%CVE-2024-31894MEDIUMIBM App Connect Enterprise information disclosureEPSS 0.3%CVE-2023-50964MEDIUMIBM InfoSphere Information Server cross-site scriptingEPSS 0.3%CVE-2024-28797MEDIUMIBM InfoSphere Information Server cross-site scriptingEPSS 0.3%CVE-2024-27255MEDIUMIBM MQ Container information disclosureEPSS 0.3%CVE-2024-28794MEDIUMIBM InfoSphere Information Server cross-site scriptingEPSS 0.3%CVE-2022-43840MEDIUMIBM Aspera Console XPath injectionEPSS 0.3%CVE-2024-31893MEDIUMIBM App Connect Enterprise information disclosureEPSS 0.3%CVE-2025-36134LOWIBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosureEPSS 0.3%