5580
CVEs
342
Critical
1293
High
6
KEV
108
PoC
884
Unpatched C/H
44.5%
Patch Rate
1.2%
Avg EPSS
Severity Breakdown
CRITICAL
342
HIGH
1293
MEDIUM
3421
LOW
520
Monthly CVE Trend
Affected Products (30)
Websphere Application Server
246
Db2
212
Maximo Asset Management
149
Infosphere Information Server
145
Sterling B2b Integrator
144
Qradar Security Information And Event Manager
128
Websphere Portal
104
Rational Doors Next Generation
98
Rational Quality Manager
94
Rational Engineering Lifecycle Manager
83
Rational Team Concert
83
Aix
82
Security Guardium
81
Java
80
Business Process Manager
76
Sterling File Gateway
76
Rational Collaborative Lifecycle Management
68
Vios
67
Open Redirect
65
Cognos Analytics
63
Smartcloud Control Desk
62
Security Key Lifecycle Manager
58
Security Verify Access
56
Websphere Mq
54
Rational Rhapsody Design Manager
53
Api Connect
53
Windows
52
Urbancode Deploy
51
Rational Software Architect Design Manager
50
Concert
50
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-7450 | Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenticated network attackers to execute arbitrary commands by sending malicious serialized Java objects exploiting the Apache Commons Collections InvokerTransformer class. This vulnerability is confirmed actively exploited in the wild per CISA KEV, with public exploit code available (Exploit-DB 41613) and an exceptionally high EPSS score of 93.49%, indicating near-certain exploitation probability. Affected products include Sterling B2B Integrator 5.2, Sterling Integrator 5.1, and Tivoli Common Reporting versions 2.1 through 3.1.2.1. | CRITICAL | 9.8 | 93.5% | 237 |
KEV
PoC
No patch
|
| CVE-2017-1092 | IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%. | CRITICAL | 9.8 | 81.6% | 166 |
PoC
|
| CVE-2012-0202 | Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.0%. | CRITICAL | 10.0 | 79.0% | 164 |
PoC
No patch
|
| CVE-2012-0201 | Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.1%. | CRITICAL | 9.3 | 75.1% | 157 |
PoC
No patch
|
| CVE-2012-0198 | Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.4%. | CRITICAL | 9.3 | 68.4% | 150 |
PoC
No patch
|
| CVE-2012-0708 | Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.6%. | CRITICAL | 9.3 | 66.6% | 148 |
PoC
No patch
|
| CVE-2012-2175 | Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.5%. | CRITICAL | 9.3 | 66.5% | 148 |
PoC
No patch
|
| CVE-2012-5946 | Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.2%. | CRITICAL | 9.3 | 66.2% | 148 |
PoC
No patch
|
| CVE-2012-2174 | The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%. | CRITICAL | 9.3 | 64.6% | 146 |
PoC
No patch
|
| CVE-2012-2176 | Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 61.9%. | CRITICAL | 9.3 | 61.9% | 143 |
PoC
No patch
|
| CVE-2013-5447 | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.3%. | MEDIUM | 6.8 | 68.3% | 137 |
PoC
No patch
|
| CVE-2015-1930 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.0%. | HIGH | 7.8 | 70.0% | 129 |
PoC
No patch
|
| CVE-2017-1129 | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%. | MEDIUM | 6.5 | 68.5% | 121 |
PoC
|
| CVE-2017-1130 | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%. | MEDIUM | 6.5 | 65.5% | 118 |
PoC
|
| CVE-2014-7192 | Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.9%. | CRITICAL | 10.0 | 43.9% | 114 |
PoC
|