IBM Vulnerabilities

4,759 results
Vexday Analysis

With 4,716 CVEs catalogued, IBM's portfolio carries a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in CISA's KEV catalog, or 0.11% of the total) is below the catalog-wide average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most frequent weakness type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2021-20560 | MEDIUM | IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the vi | EPSS 0.6%
CVE-2022-43927 | MEDIUM | IBM Db2 for Linux, UNIX and Windows information disclosure | EPSS 0.6%
CVE-2020-8340 | MEDIUM | A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior | EPSS 0.6%
CVE-2024-28767 | MEDIUM | IBM Security Directory Integrator command execution | EPSS 0.6%
CVE-2021-38946 | MEDIUM | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Ja | EPSS 0.6%
CVE-2020-4964 | MEDIUM | IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on | EPSS 0.6%
CVE-2022-43928 | MEDIUM | IBM Db2 Mirror for i information disclosure | EPSS 0.6%
CVE-2020-4165 | MEDIUM | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to vi | EPSS 0.6%
CVE-2020-4195 | MEDIUM | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a v | EPSS 0.6%
CVE-2022-35288 | MEDIUM | IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks agains | EPSS 0.6%
CVE-2022-22445 | HIGH | An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. | EPSS 0.6%
CVE-2023-45182 | HIGH | IBM i Access Client Solutions information disclosure | EPSS 0.6%
CVE-2023-49886 | CRITICAL | IBM Transformation Extender Advanced code execution | EPSS 0.6%
CVE-2022-43870 | MEDIUM | IBM Spectrum Virtualize information disclosure | EPSS 0.6%
CVE-2021-20554 | MEDIUM | IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J | EPSS 0.6%
CVE-2021-38876 | MEDIUM | IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web | EPSS 0.6%
CVE-2021-38961 | MEDIUM | IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th | EPSS 0.6%
CVE-2021-38896 | MEDIUM | IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co | EPSS 0.6%
CVE-2025-36250 | CRITICAL | AIX Code Execution | EPSS 0.6%
CVE-2022-34352 | MEDIUM | IBM QRadar information disclosure | EPSS 0.6%