- What is the ibm CNA?
- ibm is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 6,637 CVE records since 2012.
- How many CVEs has ibm published?
- ibm has published 6,637 CVE records, including 1,093 in the last two years.
- What is ibm's CVE data quality grade?
- RadicalNotion.AI grades ibm's CVE data quality as F, with an overall completeness score of 57.3%. This reflects how consistently its CVE records include vendor (72.1%), product (72.4%), CVSS (60.5%), and CWE (24.3%) information.
- What products does ibm publish CVEs for?
- ibm most frequently publishes CVEs for linux kernel, windows, AIX, WebSphere Application Server, DB2.
- Which vendors does ibm cover?
- ibm publishes CVEs across 13 distinct vendors, most often IBM Corporation, linux, microsoft, oracle, hp.
- Is ibm actively publishing CVEs?
- ibm is currently active, based on 1,093 CVEs in the last two years.
- What is the average severity of ibm's CVEs?
- The average CVSS base score across ibm's scored CVEs is 5.8.
- How many critical CVEs has ibm published?
- ibm has published 470 critical-severity CVEs and 1,755 high-severity CVEs.
- Are any of ibm's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 7 of ibm's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in ibm's CVEs?
- ibm's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-20 (Improper Input Validation), CWE-209 (Generation of Error Message Containing Sensitive Information), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How does ibm rank among CNAs?
- By total CVE volume, ibm ranks #11 of 370 CNAs, and it reports more complete CVE records than 12% of all CNAs.