Vulnerabilidades em IBM

4.759 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-28522MEDIUMIBM API Connect improper access controlEPSS 0.5%CVE-2024-52901MEDIUMIBM InfoSphere Information Server denial of serviceEPSS 0.5%CVE-2022-33955MEDIUMIBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM XEPSS 0.5%CVE-2021-29769LOWIBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or sessEPSS 0.5%CVE-2023-33846MEDIUMIBM CICS TX cross-site scriptingEPSS 0.5%CVE-2022-33169MEDIUMIBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulkEPSS 0.5%CVE-2025-36251CRITICALAIX Command ExecutionEPSS 0.5%CVE-2026-9311CRITICALIBM WebSphere Application Server is affected by remote code executionEPSS 0.5%CVE-2019-4014HIGHIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could EPSS 0.5%CVE-2018-1936HIGHIBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which coulEPSS 0.5%CVE-2022-32756LOWIBM Security Verify Directory information disclosureEPSS 0.5%CVE-2023-46169MEDIUMIBM DS8900F file manipulationEPSS 0.5%CVE-2025-13375CRITICALIBM Common Cryptographic Architecture Arbitrary Command ExecutionEPSS 0.5%CVE-2021-38911MEDIUMIBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged usEPSS 0.5%CVE-2022-35281MEDIUMIBM Maximo Application Suite command injectionEPSS 0.5%CVE-2022-22373MEDIUMAn improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directEPSS 0.5%CVE-2021-20451MEDIUMIBM Cognos Controller SQL injectionEPSS 0.5%CVE-2021-20347MEDIUMIBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacEPSS 0.5%CVE-2021-20343MEDIUMIBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacEPSS 0.5%CVE-2021-20345MEDIUMIBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacEPSS 0.5%