Vulnerabilities in IBM

4,759 results
Vexday Analysis

With 4,716 CVEs catalogued, IBM's portfolio accumulates a substantial volume of vulnerabilities, although its active-exploitation rate (5 entries in the CISA KEV catalog, or 0.11% of the total) is below the catalog-wide average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent weakness type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2014-0883 | IBM Power Hardware Management Console cross-site scripting | EPSS 0.7%
CVE-2021-20392 | MEDIUM | IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit | EPSS 0.7%
CVE-2021-29712 | MEDIUM | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript | EPSS 0.7%
CVE-2024-27254 | MEDIUM | IBM Db2 for Linux, UNIX and Windows denial of service | EPSS 0.7%
CVE-2021-20397 | MEDIUM | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the | EPSS 0.7%
CVE-2021-20386 | MEDIUM | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the | EPSS 0.7%
CVE-2024-25046 | MEDIUM | IBM Db2 for Linux, UNIX and Windows denial of service | EPSS 0.7%
CVE-2024-22360 | MEDIUM | IBM Db2 for Linux, UNIX and Windows denial of service | EPSS 0.7%
CVE-2023-27870 | MEDIUM | IBM Spectrum Virtualize information disclosure | EPSS 0.7%
CVE-2018-1927 | MEDIUM | IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tra | EPSS 0.7%
CVE-2020-4360 | MEDIUM | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i | EPSS 0.7%
CVE-2023-45188 | MEDIUM | IBM Engineering Lifecycle Optimization Publishing file upload | EPSS 0.7%
CVE-2024-22354 | HIGH | IBM WebSphere Application Server XML external entity injection | EPSS 0.6%
CVE-2020-4893 | MEDIUM | IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may | EPSS 0.6%
CVE-2020-4926 | MEDIUM | A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or | EPSS 0.6%
CVE-2021-29693 | MEDIUM | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a | EPSS 0.6%
CVE-2021-20496 | LOW | IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: | EPSS 0.6%
CVE-2017-1249 | IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the | EPSS 0.6%
CVE-2023-47150 | HIGH | IBM Common Cryptographic Architecture denial of service | EPSS 0.6%
CVE-2020-4729 | MEDIUM | IBM Safer Payments denial of service | EPSS 0.6%