Vulnerabilidades en IBM

4759 resultados
Análisis Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-37407HIGHIBM Aspera Orchestrator command executionEPSS 0.9%CVE-2021-29843MEDIUMIBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBMEPSS 0.9%CVE-2021-29768MEDIUMIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud EPSS 0.9%CVE-2017-1357IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to cEPSS 0.9%CVE-2017-1555IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plEPSS 0.9%CVE-2019-4552MEDIUMIBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attackerEPSS 0.9%CVE-2018-1813MEDIUMIBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation whicEPSS 0.9%CVE-2022-22354MEDIUMIBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length oEPSS 0.9%CVE-2018-1749MEDIUMIBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass applicEPSS 0.9%CVE-2023-27871HIGHIBM Aspera Faspex information disclosureEPSS 0.9%CVE-2021-38903MEDIUMIBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.EPSS 0.9%CVE-2020-4253MEDIUMIBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on EPSS 0.9%CVE-2017-1551IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim toEPSS 0.9%CVE-2017-1218IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized EPSS 0.9%CVE-2018-2021MEDIUMIBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in theEPSS 0.9%CVE-2019-4542MEDIUMIBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript codEPSS 0.9%CVE-2019-4564MEDIUMIBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed EPSS 0.9%CVE-2019-4134MEDIUMIBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the EPSS 0.9%CVE-2021-20493MEDIUMIBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript EPSS 0.9%CVE-2021-20404LOWIBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookiEPSS 0.9%