Vulnerabilidades em IBM

4.759 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2021-39082MEDIUMIBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiEPSS 0.6%CVE-2025-0975HIGHIBM MQ code executionEPSS 0.6%CVE-2021-20479MEDIUMIBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to EPSS 0.6%CVE-2021-20519MEDIUMIBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in EPSS 0.6%CVE-2020-4920MEDIUMIBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cEPSS 0.6%CVE-2019-4148MEDIUMIBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to eEPSS 0.6%CVE-2021-29770MEDIUMIBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actionsEPSS 0.6%CVE-2016-9980IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrEPSS 0.6%CVE-2022-30611MEDIUMIBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-suppEPSS 0.6%CVE-2017-1624MEDIUMIBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified byEPSS 0.6%CVE-2018-1370MEDIUMIBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that reEPSS 0.6%CVE-2021-20561MEDIUMIBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary EPSS 0.6%CVE-2021-20481MEDIUMIBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary EPSS 0.6%CVE-2021-29835MEDIUMIBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed EPSS 0.6%CVE-2024-40705MEDIUMIBM InfoSphere Information Server denial of serviceEPSS 0.6%CVE-2021-29849MEDIUMIBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in theEPSS 0.6%CVE-2017-1291IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerabilityEPSS 0.6%CVE-2023-30993MEDIUMIBM Cloud Pak for Security information disclosureEPSS 0.6%CVE-2022-34318MEDIUMIBM CICS TX clickjackingEPSS 0.6%CVE-2023-50304HIGHIBM Engineering Requirements Management DOORS XML external entity injectionEPSS 0.6%