Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2022-34312MEDIUMIBM CICS TX information disclosureEPSS 0.2%CVE-2026-2483MEDIUMIBM InfoSphere Information Server Cross-Site ScriptingEPSS 0.2%CVE-2026-1015MEDIUMIBM InfoSphere Information Server is vulnerable to server-side request forgeryEPSS 0.2%CVE-2024-56470MEDIUMIBM Aspera Shares Server-Side Request ForgeryEPSS 0.2%CVE-2021-20434MEDIUMIBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.EPSS 0.2%CVE-2024-35117MEDIUMIBM OpenPages with Watson information disclosureEPSS 0.2%CVE-2020-4369MEDIUMIBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: EPSS 0.2%CVE-2026-1243MEDIUMIBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-27550LOWIBM Jazz Reporting Service Information DisclosureEPSS 0.2%CVE-2023-38005MEDIUMImproper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]EPSS 0.2%CVE-2024-56471MEDIUMIBM Aspera Shares Server-Side Request ForgeryEPSS 0.2%CVE-2023-22874MEDIUMIBM MQ denial of serviceEPSS 0.2%CVE-2024-28776MEDIUMIBM Cognos Controller cross-site scriptingEPSS 0.2%CVE-2021-20532HIGHIBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the systeEPSS 0.2%CVE-2023-38265MEDIUMImproper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]EPSS 0.2%CVE-2024-22349MEDIUMIBM UrbanCode Velocity information disclosureEPSS 0.2%CVE-2023-40693MEDIUMIBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site ScriptingEPSS 0.2%CVE-2025-14811LOWIBM Sterling Partner Engagement Manager Information DisclosureEPSS 0.2%CVE-2020-4191MEDIUMIBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inforEPSS 0.2%CVE-2024-27256MEDIUMIBM MQ Operator information disclosureEPSS 0.2%