What is the ibm CNA?
ibm is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 6,637 CVE records since 2012.
How many CVEs has ibm published?
ibm has published 6,637 CVE records, including 1,093 in the last two years.
What is ibm's CVE data quality grade?
RadicalNotion.AI grades ibm's CVE data quality as F, with an overall completeness score of 57.3%. This reflects how consistently its CVE records include vendor (72.1%), product (72.4%), CVSS (60.5%), and CWE (24.3%) information.
What products does ibm publish CVEs for?
ibm most frequently publishes CVEs for linux kernel, windows, AIX, WebSphere Application Server, DB2.
Which vendors does ibm cover?
ibm publishes CVEs across 13 distinct vendors, most often IBM, linux, microsoft, IBM Corporation, oracle.
Is ibm actively publishing CVEs?
ibm is currently active, based on 1,093 CVEs in the last two years.
What is the average severity of ibm's CVEs?
The average CVSS base score across ibm's scored CVEs is 5.8.
How many critical CVEs has ibm published?
ibm has published 93 critical-severity CVEs and 725 high-severity CVEs.
Are any of ibm's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 7 of ibm's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in ibm's CVEs?
ibm's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-20 (Improper Input Validation), CWE-209 (Generation of Error Message Containing Sensitive Information), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
How does ibm rank among CNAs?
By total CVE volume, ibm ranks #11 of 370 CNAs, and it reports more complete CVE records than 12% of all CNAs.
