Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-47742MEDIUMIBM QRadar Suite information dislosureEPSS 0.2%CVE-2024-39723MEDIUMIBM FlashSystem denial of serviceEPSS 0.2%CVE-2018-1877MEDIUMIBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords thaEPSS 0.2%CVE-2024-40690MEDIUMIBM InfoSphere Server cross-site scriptingEPSS 0.2%CVE-2025-36122MEDIUMIBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automaticEPSS 0.2%CVE-2024-49337MEDIUMIBM OpenPages HTML injectionEPSS 0.2%CVE-2020-4631MEDIUMIBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with EPSS 0.2%CVE-2017-1575MEDIUMIBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algoritEPSS 0.2%CVE-2019-4351LOWIBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: EPSS 0.2%CVE-2020-5021MEDIUMIBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersoEPSS 0.2%CVE-2025-2667LOWIBM Sterling B2B Integrator information disclosureEPSS 0.2%CVE-2022-22380MEDIUMIBM Security Verify Privilege improper authenticationEPSS 0.2%CVE-2026-6052MEDIUMIBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tablesEPSS 0.2%CVE-2025-36423MEDIUMIBM Db2 Denial of ServiceEPSS 0.2%CVE-2024-49797MEDIUMIBM ApplinX Information DisclosureEPSS 0.2%CVE-2025-14810MEDIUMIBM InfoSphere Information Server is vulnerable due to insufficient session expirationEPSS 0.2%CVE-2025-0985MEDIUMIBM MQ information disclosureEPSS 0.2%CVE-2026-1262MEDIUMIBM InfoSphere Information Server Information DisclosureEPSS 0.2%CVE-2026-9836LOWIBM DataStage Flow Designer application is affected by an information disclosure vulnerabilityEPSS 0.2%CVE-2025-66486MEDIUMMultiple vulnerabilities have been addressed in IBM Aspera SharesEPSS 0.2%