Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-42014MEDIUMIBM Sterling B2B Integrator Standard Edition cross-site scriptingEPSS 0.3%CVE-2025-36365MEDIUMIBM Db2 Privilege EscalationEPSS 0.3%CVE-2024-25050HIGHIBM i privilege escalationEPSS 0.3%CVE-2022-22359MEDIUMIBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attEPSS 0.3%CVE-2026-8834HIGHIBM HTTP Server is affected by multiple vulnerabilitiesEPSS 0.3%CVE-2017-1764IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials toEPSS 0.3%CVE-2025-33015HIGHMultiple Vulnerabilities in IBM Concert SoftwareEPSS 0.3%CVE-2025-1500MEDIUMIBM Maximo Application Suite file uploadEPSS 0.3%CVE-2026-8858HIGHWebSphere Application Server Remote Code ExecutionEPSS 0.3%CVE-2024-27263MEDIUMIBM Sterling B2B Integrator information disclosureEPSS 0.3%CVE-2024-49355MEDIUMIBM OpenPages log manipulationEPSS 0.3%CVE-2024-47119MEDIUMIBM Storage Defender - Resiliency Service improper certificate validationEPSS 0.3%CVE-2019-4508MEDIUMIBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-ForceEPSS 0.3%CVE-2024-45647MEDIUMIBM Security Verify Access unverified password changeEPSS 0.3%CVE-2025-1997MEDIUMIBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injectionEPSS 0.3%CVE-2026-7663CRITICALUnauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization BypassEPSS 0.3%CVE-2024-37528MEDIUMIBM Cloud Pak for Business Automation cross-site scriptingEPSS 0.3%CVE-2021-20491MEDIUMIBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing ofEPSS 0.3%CVE-2024-41745MEDIUMIBM CICS TX Standard cross-site scriptingEPSS 0.3%CVE-2021-29860MEDIUMIBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive EPSS 0.3%