Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2024-22347MEDIUMIBM UrbanCode Velocity information disclosureEPSS 0.3%CVE-2020-4408MEDIUMThe IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which coulEPSS 0.3%CVE-2026-1567HIGHIBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerabilityEPSS 0.3%CVE-2025-3633MEDIUMIBM Cognos Analytics is affected by multiple security vulnerabilitiesEPSS 0.3%CVE-2025-36220MEDIUMVulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.EPSS 0.3%CVE-2023-30431HIGHIBM Db2 buffer overflowEPSS 0.3%CVE-2025-13333MEDIUMIBM WebSphere Application Server could provide weaker than expected securityEPSS 0.3%CVE-2025-36091MEDIUMIBM Business Automation Insights unverified ownershipEPSS 0.3%CVE-2019-4140MEDIUMIBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring oldEPSS 0.3%CVE-2019-4616MEDIUMIBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to EPSS 0.3%CVE-2020-4311HIGHIBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an atEPSS 0.3%CVE-2019-4031HIGHIBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in tEPSS 0.3%CVE-2025-2824HIGHIBM Operational Decision Manager HTTP open redirectEPSS 0.3%CVE-2019-4239MEDIUMIBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a locaEPSS 0.3%CVE-2025-3631MEDIUMIBM MQ denial of serviceEPSS 0.3%CVE-2020-4371MEDIUMIBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in furtheEPSS 0.3%CVE-2024-45640MEDIUMIBM Security QRadar EDR information disclosureEPSS 0.3%CVE-2024-45097MEDIUMIBM Aspera Faspex bypass securityEPSS 0.3%CVE-2023-22875HIGHIBM Security QRadar SIEM information disclosureEPSS 0.3%CVE-2025-1759MEDIUMIBM Concert Software information disclosureEPSS 0.3%