IBM Vulnerabilities

4,759 results
Vexday Analysis

With 4,716 CVEs catalogued, IBM's portfolio has accumulated a substantial volume of vulnerabilities, although its active exploitation rate (5 entries in the CISA KEV catalog, representing 0.11% of the total) is below the catalog's overall average (0.45%), which suggests proportionally less active exploitation than other vendors. Attention should focus on CVE-2022-47986, whose EPSS score of 0.9997 indicates an extremely high probability of active exploitation, making it an immediate mitigation priority. The 92 critical CVEs and the 18 with a public PoC widen the concrete risk surface, especially considering that 129 new vulnerabilities appeared in the last 90 days, indicating a significant pace of recent discovery. The most recurrent flaw type, CWE-79 (Cross-Site Scripting), points to persistent weaknesses in the presentation layer that require continued attention in development practices and input validation.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-43883 | MEDIUM | IBM Cognos Analytics data manipulation | 0.6% |
| CVE-2024-51466 | CRITICAL | IBM Cognos Analytics expression language injection | 0.6% |
| CVE-2018-1362 | | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other | 0.6% |
| CVE-2021-39011 | MEDIUM | IBM Cloud Pak for Security information disclosure | 0.6% |
| CVE-2022-36777 | MEDIUM | IBM Cloud Pak for Security information disclosure | 0.6% |
| CVE-2022-34306 | MEDIUM | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. T | 0.6% |
| CVE-2013-0517 | | A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified O | 0.6% |
| CVE-2020-5002 | MEDIUM | IBM Financial Transaction Manager security bypass | 0.6% |
| CVE-2017-1449 | | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a | 0.6% |
| CVE-2020-4848 | MEDIUM | IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources | 0.6% |
| CVE-2024-31871 | HIGH | IBM Security Verify Access Appliance improper certificate validation | 0.6% |
| CVE-2024-31872 | HIGH | IBM Security Verify Access Appliance missing certificate validation | 0.6% |
| CVE-2022-39166 | MEDIUM | IBM Security Guardium information disclosure | 0.6% |
| CVE-2026-3660 | CRITICAL | IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass | 0.6% |
| CVE-2019-4704 | LOW | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attacker | 0.6% |
| CVE-2026-8175 | CRITICAL | Multiple vulnerabilities in Aspera applications. | 0.6% |
| CVE-2022-43859 | MEDIUM | IBM Navigator for i SQL injection | 0.6% |
| CVE-2022-22464 | MEDIUM | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that cou | 0.6% |
| CVE-2019-4160 | MEDIUM | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decry | 0.6% |
| CVE-2019-4150 | LOW | IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to | 0.6% |