Vulnerabilities in IBM

4,759 results
Vexday Analysis

With 4,716 CVEs catalogued, IBM's portfolio carries a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in CISA's KEV catalog, or 0.11% of the total) is below the overall catalog average (0.45%), which suggests proportionally less active exploitation than for other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete risk surface, especially given that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention to development practices and input validation.

CVE-2018-1396 [MEDIUM] IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users (EPSS 0.6%)
CVE-2018-1521 [MEDIUM] IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to (EPSS 0.6%)
CVE-2019-4743 [MEDIUM] IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to (EPSS 0.6%)
CVE-2024-40704 [MEDIUM] IBM InfoSphere Information Server information disclosure (EPSS 0.6%)
CVE-2021-20417 [MEDIUM] IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error mes (EPSS 0.6%)
CVE-2023-33847 [LOW] IBM CICS TX information disclosure (EPSS 0.6%)
CVE-2021-38954 [MEDIUM] IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version informatio (EPSS 0.6%)
CVE-2017-1444 IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code (EPSS 0.6%)
CVE-2020-4955 [HIGH] IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper (EPSS 0.6%)
CVE-2023-23487 [MEDIUM] IBM Db2 audit logging (EPSS 0.6%)
CVE-2023-25683 [MEDIUM] IBM PowerVM Hypervisor information disclosure (EPSS 0.6%)
CVE-2023-43051 [MEDIUM] IBM Cognos Analytics cross-site scripting (EPSS 0.6%)
CVE-2023-52296 [MEDIUM] IBM Db2 for Linux, UNIX and Windows denial of service (EPSS 0.6%)
CVE-2024-55904 [HIGH] IBM DevOps Deploy / IBM UrbanCode Deploy command injection (EPSS 0.6%)
CVE-2026-7524 [CRITICAL] Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution (EPSS 0.6%)
CVE-2022-22460 [LOW] IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks (EPSS 0.6%)
CVE-2020-4919 [MEDIUM] IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on (EPSS 0.6%)
CVE-2022-22339 [MEDIUM] IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorize (EPSS 0.6%)
CVE-2020-4597 [MEDIUM] IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to (EPSS 0.6%)
CVE-2021-29802 [MEDIUM] IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or (EPSS 0.6%)