Vulnerabilities in IBM

4759 results
Vexday Analysis

With 4,716 CVEs catalogued, IBM's portfolio has accumulated a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in CISA's KEV catalog, 0.11% of the total) is below the overall catalog average (0.45%), which suggests proportionally less active exploitation than other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2022-22458 | MEDIUM | IBM Security Verify Governance, Identity Manager information disclosure | EPSS 0.8%
CVE-2022-33168 | HIGH | IBM Security Directory Suite VA denial of service | EPSS 0.8%
CVE-2021-29867 | MEDIUM | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. | EPSS 0.8%
CVE-2024-39747 | HIGH | IBM Sterling Connect:Direct Web Services information disclosure | EPSS 0.8%
CVE-2024-39742 | HIGH | IBM MQ Container authentication bypass | EPSS 0.8%
CVE-2024-45652 | MEDIUM | IBM Maximo Asset Management directory traversal | EPSS 0.8%
CVE-2018-1442 | MEDIUM | IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery w | EPSS 0.8%
CVE-2018-2000 | MEDIUM | IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute | EPSS 0.8%
CVE-2020-4899 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmi | EPSS 0.8%
CVE-2020-4150 | MEDIUM | IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inboun | EPSS 0.8%
CVE-2023-30995 | HIGH | IBM Aspera Faspex improper access control | EPSS 0.8%
CVE-2023-35009 | MEDIUM | IBM Cognos Analytics information disclosure | EPSS 0.8%
CVE-2019-4653 | MEDIUM | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code | EPSS 0.8%
CVE-2020-4259 | MEDIUM | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add mo | EPSS 0.8%
CVE-2020-4348 | MEDIUM | IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized action | EPSS 0.8%
CVE-2018-1445 | IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arb | EPSS 0.8%
CVE-2023-47703 | MEDIUM | IBM Security Guardium Key Lifecycle Manager information disclosure | EPSS 0.8%
CVE-2012-0718 | IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. | EPSS 0.8%
CVE-2016-3019 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly | EPSS 0.8%
CVE-2019-4556 | MEDIUM | IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application contro | EPSS 0.8%