Vulnerabilidades em IBM

4.759 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2019-4601MEDIUMIBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that EPSS 1.0%CVE-2017-1398IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing EPSS 1.0%CVE-2019-4512MEDIUMIBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks agaEPSS 1.0%CVE-2019-4308MEDIUMIBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 1EPSS 1.0%CVE-2019-4485MEDIUMIBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 1EPSS 1.0%CVE-2019-4163MEDIUMIBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only bEPSS 1.0%CVE-2020-4357MEDIUMIBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error mesEPSS 1.0%CVE-2022-43869MEDIUMIBM Spectrum Scale denial of serviceEPSS 1.0%CVE-2018-1999MEDIUMIBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pagEPSS 1.0%CVE-2020-4361MEDIUMIBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responseEPSS 1.0%CVE-2017-1668IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.EPSS 1.0%CVE-2019-4583MEDIUMIBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that cEPSS 1.0%CVE-2019-4257MEDIUMIBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error meEPSS 1.0%CVE-2017-1110IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to vEPSS 1.0%CVE-2021-29728MEDIUMIBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, whichEPSS 1.0%CVE-2021-29847MEDIUMBMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure cEPSS 1.0%CVE-2018-1777MEDIUMIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbiEPSS 1.0%CVE-2023-45185HIGHIBM i Access Client Solutions code executionEPSS 1.0%CVE-2020-4749MEDIUMIBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be ableEPSS 1.0%CVE-2017-1769IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorEPSS 1.0%