Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-36017MEDIUMIBM Controller Information DisclosureEPSS 0.2%CVE-2022-22328MEDIUMIBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to aEPSS 0.2%CVE-2024-35139MEDIUMIBM Security Access Manager Docker information disclosureEPSS 0.2%CVE-2025-64650MEDIUMIBM Storage Defender - Resiliency Service Information DisclosureEPSS 0.2%CVE-2017-1309IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IEPSS 0.2%CVE-2024-35118MEDIUMIBM MaaS360 information disclosureEPSS 0.2%CVE-2025-1333MEDIUMIBM MQ Operator information disclosureEPSS 0.2%CVE-2023-30998HIGHIBM Security Access Manager Docker privilege escalationEPSS 0.2%CVE-2021-29671MEDIUMIBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled.EPSS 0.2%CVE-2024-47115HIGHIBM AIX command executionEPSS 0.2%CVE-2023-26024MEDIUMIBM Planning Analytics on Cloud Pak for Data information disclosureEPSS 0.2%CVE-2023-33838MEDIUMIBM Security Verify Governance information disclosureEPSS 0.2%CVE-2023-30997HIGHIBM Security Access Manager Docker privilege escalationEPSS 0.2%CVE-2025-36323MEDIUMVulnerabilities found in Watson Data IntelligenceEPSS 0.2%CVE-2021-38976MEDIUMIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-FEPSS 0.2%CVE-2020-8332MEDIUMA potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x serveEPSS 0.2%CVE-2021-38995MEDIUMIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial oEPSS 0.2%CVE-2025-0161HIGHIBM Security Verify Access Appliance code injectionEPSS 0.2%CVE-2022-22426LOWIBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused EPSS 0.2%CVE-2024-45082MEDIUMIBM Cognos Analytics HTTP open redirectionEPSS 0.2%