Vulnerabilidades em IBM

4.759 resultados
Análise Vexday

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2024-31883MEDIUMIBM Security Verify Access denial of serviceEPSS 0.6%CVE-2020-4773MEDIUMA cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that fEPSS 0.6%CVE-2024-39743MEDIUMIBM MQ Container denial of serviceEPSS 0.6%CVE-2021-39054MEDIUMIBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuadinEPSS 0.6%CVE-2022-43883MEDIUMIBM Cognos Analytics data manipulationEPSS 0.6%CVE-2024-51466CRITICALIBM Cognos Analytics expression language injectionEPSS 0.6%CVE-2018-1362IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw otherEPSS 0.6%CVE-2022-36777MEDIUMIBM Cloud Pak for Security information disclosureEPSS 0.6%CVE-2013-0517A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OEPSS 0.6%CVE-2021-39011MEDIUMIBM Cloud Pak for Security information disclosureEPSS 0.6%CVE-2020-5002MEDIUMIBM Financial Transaction Manager security bypassEPSS 0.6%CVE-2017-1449IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading aEPSS 0.6%CVE-2020-4848MEDIUMIBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resourcesEPSS 0.6%CVE-2022-39166MEDIUMIBM Security Guardium information disclosureEPSS 0.6%CVE-2024-31871HIGHIBM Security Verify Access Appliance improper certificate validationEPSS 0.6%CVE-2024-31872HIGHIBM Security Verify Access Appliance missing certificate validationEPSS 0.6%CVE-2026-3660CRITICALIBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication BypassEPSS 0.6%CVE-2019-4704LOWIBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. AttackerEPSS 0.6%CVE-2026-8175CRITICALMultiple vulnerabilities in Aspera applications.EPSS 0.6%CVE-2022-43859MEDIUMIBM Navigator for i SQL injectionEPSS 0.6%