Vulnerabilidades em IBM

4.759 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2021-20544MEDIUMIBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticaEPSS 0.5%CVE-2026-3357HIGHIBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle fileEPSS 0.5%CVE-2020-4768MEDIUMIBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerabEPSS 0.5%CVE-2022-38386MEDIUMIBM Cloud Pak for Security information disclosureEPSS 0.5%CVE-2024-38337CRITICALIBM Sterling Secure Proxy improper input validationEPSS 0.5%CVE-2023-38724MEDIUMIBM Cognos Controller SQL injectionEPSS 0.5%CVE-2025-0162HIGHIBM Aspera Shares XML external entity injectionEPSS 0.5%CVE-2018-1890MEDIUMIBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevatEPSS 0.5%CVE-2023-27877MEDIUMIBM Planning Analytics Cartridge for Cloud Pak for Data information disclosureEPSS 0.5%CVE-2022-34331MEDIUMIBM Power FW security bypassEPSS 0.5%CVE-2024-49352HIGHIBM Cognos Anaytics XML external entity injectionEPSS 0.5%CVE-2021-20406LOWIBM Security Verify Information Queue information disclosureEPSS 0.5%CVE-2021-20556MEDIUMIBM Cognos Controller information disclosureEPSS 0.5%CVE-2024-56462HIGHIBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesEPSS 0.5%CVE-2022-31776MEDIUMIBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to seEPSS 0.5%CVE-2021-20473MEDIUMIBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticatedEPSS 0.5%CVE-2021-20455LOWIBM Cognos Controller information disclosureEPSS 0.5%CVE-2021-39055MEDIUMIBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed aEPSS 0.5%CVE-2017-1405MEDIUMIBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the orEPSS 0.5%CVE-2017-1350HIGHIBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improperEPSS 0.5%