- How many CVEs does IBM have?
- IBM has 8,380 published CVE records since 1999, including 982 in the last two years.
- How many IBM CVEs are in CISA KEV?
- Yes — 10 of IBM's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which IBM products have the most CVEs?
- The IBM products with the most published CVEs are AIX, WebSphere Application Server, Db2, Rational Quality Manager, Infosphere Information Server.
- What are the most common weakness types in IBM CVEs?
- IBM's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-20 (Improper Input Validation), CWE-209 (Generation of Error Message Containing Sensitive Information), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- Are there public exploits for IBM vulnerabilities?
- Yes — 316 of IBM's CVEs have a known public exploit.
- How many critical IBM vulnerabilities are there?
- IBM has 740 critical and 2,120 high-severity CVEs.
- What is the average severity of IBM CVEs?
- The average CVSS base score across IBM's scored CVEs is 6.2.