Vulnerabilidades em IBM

4.761 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2025-14289MEDIUMIBM webMethods Integration Server is vulnerable to HTML injectionEPSS 0.2%CVE-2023-28956HIGHIBM Spectrum Protect Backup-Archive Client privilege escalationEPSS 0.2%CVE-2025-13489MEDIUMIBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive InformationEPSS 0.2%CVE-2022-22321MEDIUMIBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID:EPSS 0.2%CVE-2022-22491MEDIUMIBM App Connect Enterprise Certified Container denial of serviceEPSS 0.2%CVE-2025-36085MEDIUMMultiple Vulnerabilities in IBM Concert Software.EPSS 0.2%CVE-2024-40679MEDIUMIBM Db2 information disclosureEPSS 0.2%CVE-2024-45641MEDIUMIBM Security ReaQta improper certificate validationEPSS 0.2%CVE-2025-36410LOWMultiple vulnerabilities found in IBM ApplinX.EPSS 0.2%CVE-2025-36360MEDIUMIBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerabilityEPSS 0.2%CVE-2021-29904MEDIUMIBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read EPSS 0.2%CVE-2022-43841MEDIUMIBM Aspera Console information disclosureEPSS 0.2%CVE-2022-43855MEDIUMIBM SPSS Statistics denial of serviceEPSS 0.2%CVE-2025-36065MEDIUMMultiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.EPSS 0.2%CVE-2024-31891HIGHIBM Storage Scale privilege escalationEPSS 0.2%CVE-2022-22478MEDIUMIBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-FoEPSS 0.2%CVE-2026-3346MEDIUMStored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRawEPSS 0.2%CVE-2022-22307MEDIUMIBM Security Guardium privilege escalationEPSS 0.2%CVE-2024-45676MEDIUMIBM Cognos Controller file uploadEPSS 0.2%CVE-2022-22484MEDIUMIBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text EPSS 0.2%