Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-40695MEDIUMIBM Cognos Controller session fixationEPSS 0.4%CVE-2018-1498MEDIUMIBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 14122EPSS 0.4%CVE-2018-1515HIGHIBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local uEPSS 0.4%CVE-2019-4284MEDIUMIBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log EPSS 0.4%CVE-2019-4225MEDIUMIBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user.EPSS 0.4%CVE-2023-28520MEDIUMIBM Planning Analytics Local cross-site scriptingEPSS 0.4%CVE-2017-1681IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, causeEPSS 0.4%CVE-2025-36070MEDIUMIBM Db2 Denial of ServiceEPSS 0.4%CVE-2016-8939IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner EPSS 0.4%CVE-2022-22454MEDIUMIBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending aEPSS 0.3%CVE-2020-4756MEDIUMIBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 coulEPSS 0.3%CVE-2023-47699MEDIUMIBM Secure Proxy cross-site scriptingEPSS 0.3%CVE-2023-47144MEDIUMIBM Tivoli Application Dependency Discovery Manager cross-site scriptingEPSS 0.3%CVE-2017-1714IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBMEPSS 0.3%CVE-2023-47162MEDIUMIBM Secure Proxy cross-site scriptingEPSS 0.3%CVE-2023-47727MEDIUMIBM QRadar Suite Software file manipulationEPSS 0.3%CVE-2022-41291MEDIUMIBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate anothEPSS 0.3%CVE-2019-4161MEDIUMIBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be EPSS 0.3%CVE-2020-4640LOWCertain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in tEPSS 0.3%CVE-2023-23475MEDIUMIBM Infosphere Information Server cross-site scriptingEPSS 0.3%