Vulnerabilidades en IBM

4761 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2024-22338MEDIUMIBM Security Verify Access OIDC Provider information disclosureEPSS 0.2%CVE-2018-1518MEDIUMIBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highlEPSS 0.2%CVE-2023-37400HIGHIBM Aspera Faspex privilege escalationEPSS 0.2%CVE-2024-28786MEDIUMIBM QRadar SIEM information disclosureEPSS 0.2%CVE-2026-3623HIGHVulnerabilities exists in IBM Netezza Performance Server Replication ServicesEPSS 0.2%CVE-2025-36418HIGHMultiple vulnerabilities found in IBM ApplinX.EPSS 0.1%CVE-2023-40685HIGHIBM i privilege escalationEPSS 0.1%CVE-2025-12771HIGHIBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.EPSS 0.1%CVE-2022-22367MEDIUMIBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain tEPSS 0.1%CVE-2026-4096MEDIUMA vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.EPSS 0.1%CVE-2025-36173MEDIUMInfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.EPSS 0.1%CVE-2023-22592MEDIUMIBM Robotic Process Automation for Cloud Pak insufficient permission settingsEPSS 0.1%CVE-2025-13491MEDIUMIBM App Connect Enterprise Certified Container Information DisclosureEPSS 0.1%CVE-2020-4914MEDIUMIBM Cloud Pak System Software Suite session fixationEPSS 0.1%CVE-2025-1994HIGHIBM Cognos Command Center code executionEPSS 0.1%CVE-2023-38267MEDIUMIBM Security Access Manager Appliance information disclosureEPSS 0.1%CVE-2025-1411HIGHIBM Security Verify Directory Container command executionEPSS 0.1%CVE-2024-51448MEDIUMIBM Robotic Process Automation privilege escalationEPSS 0.1%CVE-2025-36396MEDIUMSecurity vulnerabilities have been found in IBM Application GatewayEPSS 0.1%CVE-2025-36409MEDIUMMultiple vulnerabilities found in IBM ApplinX.EPSS 0.1%