Vulnerabilites related to ibm - aspera_faspex
cve-2022-22402
Vulnerability from cvelistv5
Published
2023-09-08 21:22
Modified
2024-09-25 20:03
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:54.659Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222571", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-22402", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T16:23:07.237400Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T20:03:30.294Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.", }, ], value: "IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T21:22:48.458Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222571", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex cross-site scripting", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22402", datePublished: "2023-09-08T21:22:48.458Z", dateReserved: "2022-01-03T22:29:20.952Z", dateUpdated: "2024-09-25T20:03:30.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40745
Vulnerability from cvelistv5
Published
2024-04-19 17:01
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { status: "affected", version: "5.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-40745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T19:21:53.504235Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:15:38.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236452", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T17:01:38.927Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236452", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-40745", datePublished: "2024-04-19T17:01:38.927Z", dateReserved: "2022-09-16T16:24:40.585Z", dateUpdated: "2024-08-03T12:28:42.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40744
Vulnerability from cvelistv5
Published
2024-02-02 03:08
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7111778 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.6 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-40744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-02T19:45:03.703067Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:26.435Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:28:41.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7111778", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236441", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.6", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.", }, ], value: "IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T03:08:11.780Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7111778", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236441", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex cross-site scripting", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-40744", datePublished: "2024-02-02T03:08:11.780Z", dateReserved: "2022-09-16T16:24:40.584Z", dateUpdated: "2024-08-03T12:28:41.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22497
Vulnerability from cvelistv5
Published
2022-05-24 21:40
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6589601 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/226951 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.1 Version: 5.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.328Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6589601", }, { name: "ibm-aspera-cve202222497-unauth-access (226951)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226951", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.1", }, { status: "affected", version: "5.0.0", }, ], }, ], datePublic: "2022-05-24T00:00:00", descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/UI:N/AV:N/I:N/C:H/A:N/AC:L/S:U/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-24T21:40:09", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6589601", }, { name: "ibm-aspera-cve202222497-unauth-access (226951)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226951", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-05-24T00:00:00", ID: "CVE-2022-22497", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Aspera Faspex", version: { version_data: [ { version_value: "4.4.1", }, { version_value: "5.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6589601", refsource: "CONFIRM", title: "IBM Security Bulletin 6589601", url: "https://www.ibm.com/support/pages/node/6589601", }, { name: "ibm-aspera-cve202222497-unauth-access (226951)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226951", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22497", datePublished: "2022-05-24T21:40:09.908903Z", dateReserved: "2022-01-03T00:00:00", dateUpdated: "2024-09-16T21:57:04.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22869
Vulnerability from cvelistv5
Published
2024-04-19 15:48
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/244119 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-22869", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T00:32:40.443369Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:26:49.125Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244119", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T15:48:02.828Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244119", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22869", datePublished: "2024-04-19T15:48:02.828Z", dateReserved: "2023-01-09T15:16:49.249Z", dateUpdated: "2024-08-02T10:20:31.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45097
Vulnerability from cvelistv5
Published
2024-09-05 15:35
Modified
2024-09-05 15:46
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.9 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45097", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:46:12.984088Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T15:46:21.130Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.9", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-650", description: "CWE-650 Trusting HTTP Permission Methods on the Server Side", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T15:35:56.186Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7167255", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex bypass security", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45097", datePublished: "2024-09-05T15:35:56.186Z", dateReserved: "2024-08-21T19:11:14.497Z", dateUpdated: "2024-09-05T15:46:21.130Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22868
Vulnerability from cvelistv5
Published
2023-02-17 16:01
Modified
2025-03-12 20:08
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6952319 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.044Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22868", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-12T20:07:58.992689Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-12T20:08:02.937Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.", }, ], value: "IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-17T16:01:36.702Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex cross-site scripting", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22868", datePublished: "2023-02-17T16:01:36.702Z", dateReserved: "2023-01-09T15:16:41.370Z", dateUpdated: "2025-03-12T20:08:02.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30995
Vulnerability from cvelistv5
Published
2023-09-08 20:56
Modified
2024-09-26 14:38
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/254268 | vdb-entry | |
| https://www.ibm.com/support/pages/node/7048851 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0 ≤ 5.0.5 Version: 4.0 ≤ 4.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:45:24.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254268", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7048851", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { lessThanOrEqual: "5.05", status: "affected", version: "5.0", versionType: "custom", }, { lessThanOrEqual: "4.4.2", status: "affected", version: "4.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-30995", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:35:11.166291Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:38:33.682Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.5", status: "affected", version: "5.0", versionType: "semver", }, { lessThanOrEqual: "4.4.2", status: "affected", version: "4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.", }, ], value: "IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "284 Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T19:12:02.374Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254268", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7048851", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex improper access control", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-30995", datePublished: "2023-09-08T20:56:37.103Z", dateReserved: "2023-04-21T17:49:51.826Z", dateUpdated: "2024-09-26T14:38:33.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45096
Vulnerability from cvelistv5
Published
2024-09-05 15:34
Modified
2024-09-05 15:47
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.9 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45096", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:46:58.967984Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T15:47:08.719Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.9", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-548", description: "CWE-548 Exposure of Information Through Directory Listing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T15:34:22.413Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7167255", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45096", datePublished: "2024-09-05T15:34:22.413Z", dateReserved: "2024-08-21T19:11:14.497Z", dateUpdated: "2024-09-05T15:47:08.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22870
Vulnerability from cvelistv5
Published
2023-09-05 00:46
Modified
2024-09-26 18:27
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244121", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22870", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:03:00.024971Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:27:59.631Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.", }, ], value: "IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319 Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-05T00:46:14.649Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244121", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22870", datePublished: "2023-09-05T00:46:14.649Z", dateReserved: "2023-01-09T15:16:49.250Z", dateUpdated: "2024-09-26T18:27:59.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22401
Vulnerability from cvelistv5
Published
2023-09-08 21:21
Modified
2024-09-25 20:03
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.109Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222567", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-22401", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T16:23:22.279292Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T20:03:45.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.", }, ], value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "693 Protection Mechanism Failure", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T21:21:08.972Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222567", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22401", datePublished: "2023-09-08T21:21:08.972Z", dateReserved: "2022-01-03T22:29:20.951Z", dateUpdated: "2024-09-25T20:03:45.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37413
Vulnerability from cvelistv5
Published
2025-01-29 16:36
Modified
2025-02-12 16:39
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.10 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37413", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:52:44.263224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T16:39:51.480Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.10", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-204", description: "CWE-204 Response Discrepancy Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:36:24.872Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7181814", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37413", datePublished: "2025-01-29T16:36:24.872Z", dateReserved: "2023-07-05T15:59:16.997Z", dateUpdated: "2025-02-12T16:39:51.480Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27874
Vulnerability from cvelistv5
Published
2023-03-21 14:33
Modified
2025-02-26 16:50
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6964694 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249845 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:30.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249845", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27874", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T16:49:58.964441Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T16:50:16.930Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.2", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.", }, ], value: "IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-21T14:33:20.252Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249845", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex XML external entity injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27874", datePublished: "2023-03-21T14:33:20.252Z", dateReserved: "2023-03-06T20:01:56.636Z", dateUpdated: "2025-02-26T16:50:16.930Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37395
Vulnerability from cvelistv5
Published
2024-12-11 02:49
Modified
2024-12-11 15:33
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37395", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-11T15:33:36.465223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-11T15:33:45.364Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. ", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T02:49:38.428Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37395", datePublished: "2024-12-11T02:49:38.428Z", dateReserved: "2023-07-05T15:59:03.334Z", dateUpdated: "2024-12-11T15:33:45.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27871
Vulnerability from cvelistv5
Published
2023-03-21 14:29
Modified
2025-02-25 20:03
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6964694 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:29.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249613", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27871", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T20:00:43.835535Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T20:03:41.068Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.2", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.", }, ], value: "IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "208 Information Exposure Through Timing Discrepancy", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-21T14:29:53.076Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249613", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27871", datePublished: "2023-03-21T14:29:53.076Z", dateReserved: "2023-03-06T20:01:56.636Z", dateUpdated: "2025-02-25T20:03:41.068Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37412
Vulnerability from cvelistv5
Published
2025-01-29 16:34
Modified
2025-02-12 16:48
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.10 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37412", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:54:27.016356Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T16:48:00.305Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.10", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250 Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:34:55.809Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7181814", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex improper access control", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37412", datePublished: "2025-01-29T16:34:55.809Z", dateReserved: "2023-07-05T15:59:16.997Z", dateUpdated: "2025-02-12T16:48:00.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47986
Vulnerability from cvelistv5
Published
2023-02-17 15:46
Modified
2025-02-13 16:34
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.2 Patch Level 1 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/243512", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-47986", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T15:05:23.947928Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-02-21", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47986", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T15:11:29.531Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.2 Patch Level 1 and earlier", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(22, 22, 22);\">IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.</span>", }, ], value: "IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-10T19:06:17.837Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/243512", }, { url: "http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex code execution", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-47986", datePublished: "2023-02-17T15:46:04.120Z", dateReserved: "2022-12-28T17:49:58.383Z", dateUpdated: "2025-02-13T16:34:02.349Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22399
Vulnerability from cvelistv5
Published
2024-03-05 19:58
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0, 5.0.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-22399", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-06T19:12:27.461578Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:16:30.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T03:14:54.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6618959", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0, 5.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.", }, ], value: "IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-644", description: "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T19:58:53.516Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6618959", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex HTTP header injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22399", datePublished: "2024-03-05T19:58:53.516Z", dateReserved: "2022-01-03T22:29:20.950Z", dateUpdated: "2024-08-03T03:14:54.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22409
Vulnerability from cvelistv5
Published
2023-09-08 21:19
Modified
2024-09-26 14:41
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:54.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222592", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { lessThanOrEqual: "5.05", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-22409", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:40:08.952251Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:41:23.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.", }, ], value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T21:19:00.311Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222592", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22409", datePublished: "2023-09-08T21:19:00.311Z", dateReserved: "2022-01-03T22:29:20.956Z", dateUpdated: "2024-09-26T14:41:23.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27875
Vulnerability from cvelistv5
Published
2023-03-16 12:37
Modified
2025-02-26 15:06
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6963662 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249847 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:29.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6963662", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249847", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27875", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T15:05:57.595210Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T15:06:45.141Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.4", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.", }, ], value: "IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "284 Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-21T00:05:10.527Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6963662", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249847", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex improper access controls", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27875", datePublished: "2023-03-16T12:37:09.318Z", dateReserved: "2023-03-06T20:01:56.637Z", dateUpdated: "2025-02-26T15:06:45.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27873
Vulnerability from cvelistv5
Published
2023-03-21 14:37
Modified
2025-02-26 16:48
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6964694 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 4.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:29.879Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249654", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27873", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T16:48:44.100168Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T16:48:57.047Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "4.4.2", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.</span>\n\n", }, ], value: "\nIBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "200", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-21T14:38:36.820Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249654", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27873", datePublished: "2023-03-21T14:37:03.988Z", dateReserved: "2023-03-06T20:01:56.636Z", dateUpdated: "2025-02-26T16:48:57.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24965
Vulnerability from cvelistv5
Published
2023-09-08 20:14
Modified
2024-09-26 14:32
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/246713", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { lessThanOrEqual: "5.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-24965", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:30:23.101382Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:32:14.442Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.", }, ], value: "IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "284 Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T20:14:46.513Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/246713", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex improper access control", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-24965", datePublished: "2023-09-08T20:14:46.513Z", dateReserved: "2023-02-01T02:39:37.389Z", dateUpdated: "2024-09-26T14:32:14.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37411
Vulnerability from cvelistv5
Published
2024-05-28 12:06
Modified
2024-08-02 17:16
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7154977 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.6 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37411", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T20:09:09.274150Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T20:09:16.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:16:29.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7154977", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/260139", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.6", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T12:06:05.023Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7154977", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/260139", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex cross-site scripting", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37411", datePublished: "2024-05-28T12:06:05.023Z", dateReserved: "2023-07-05T15:59:16.997Z", dateUpdated: "2024-08-02T17:16:29.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22405
Vulnerability from cvelistv5
Published
2023-09-08 20:12
Modified
2024-09-26 14:23
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:54.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222576", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-22405", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:22:41.252698Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:23:00.364Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.", }, ], value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-311", description: "CWE-311 Missing Encryption of Sensitive Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T20:12:02.057Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222576", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22405", datePublished: "2023-09-08T20:12:02.057Z", dateReserved: "2022-01-03T22:29:20.954Z", dateUpdated: "2024-09-26T14:23:00.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37397
Vulnerability from cvelistv5
Published
2024-04-19 16:54
Modified
2024-08-02 17:16
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/259672 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37397", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-20T19:17:45.866994Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:24:39.600Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:16:29.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259672", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-30T14:53:05.436Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259672", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex data manipulation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37397", datePublished: "2024-04-19T16:54:19.875Z", dateReserved: "2023-07-05T15:59:03.334Z", dateUpdated: "2024-08-02T17:16:29.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27279
Vulnerability from cvelistv5
Published
2024-04-19 16:39
Modified
2024-08-02 12:09
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { status: "affected", version: "5.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-27279", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T19:24:59.103878Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:24:46.228Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:09:41.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-799", description: "CWE-799 Improper Control of Interaction Frequency", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T16:39:27.659Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27279", datePublished: "2024-04-19T16:39:27.659Z", dateReserved: "2023-02-27T17:47:15.100Z", dateUpdated: "2024-08-02T12:09:41.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35906
Vulnerability from cvelistv5
Published
2023-09-05 00:52
Modified
2024-09-27 13:53
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7029681 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "aspera_faspex", vendor: "ibm", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35906", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T13:52:40.253509Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T13:53:24.680Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { status: "affected", version: "5.0.5", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.", }, ], value: "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-291", description: "CWE-291 Reliance on IP Address for Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-20T17:28:01.531Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex security bypass", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-35906", datePublished: "2023-09-05T00:52:09.861Z", dateReserved: "2023-06-20T02:24:31.594Z", dateUpdated: "2024-09-27T13:53:24.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45098
Vulnerability from cvelistv5
Published
2024-09-05 15:31
Modified
2024-09-05 15:43
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.9 cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45098", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:41:39.305969Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T15:43:35.370Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.9", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-650", description: "CWE-650 Trusting HTTP Permission Methods on the Server Side", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T15:31:43.745Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7167255", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex bypass security", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45098", datePublished: "2024-09-05T15:31:43.745Z", dateReserved: "2024-08-21T19:11:14.497Z", dateUpdated: "2024-09-05T15:43:35.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37396
Vulnerability from cvelistv5
Published
2024-04-19 16:06
Modified
2024-09-20 19:49
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148632 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/259671 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37396", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T16:31:02.718319Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T19:49:01.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:16:29.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259671", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-20T17:31:33.094Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259671", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37396", datePublished: "2024-04-19T16:06:03.554Z", dateReserved: "2023-07-05T15:59:03.334Z", dateUpdated: "2024-09-20T19:49:01.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37400
Vulnerability from cvelistv5
Published
2024-04-19 14:02
Modified
2024-08-02 17:16
Severity ?
EPSS score ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148631 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/259677 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Version: 5.0.0 ≤ 5.0.7 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aspera_faspex", vendor: "ibm", versions: [ { status: "affected", version: "5.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37400", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T17:00:08.731977Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:24:36.694Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:16:29.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7148631", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259677", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Aspera Faspex", vendor: "IBM", versions: [ { lessThanOrEqual: "5.0.7", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.", }, ], value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T14:02:50.896Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7148631", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259677", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Aspera Faspex privilege escalation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-37400", datePublished: "2024-04-19T14:02:50.896Z", dateReserved: "2023-07-05T15:59:03.335Z", dateUpdated: "2024-08-02T17:16:29.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-09-05 16:15
Modified
2024-09-06 13:01
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7167255 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "D7E7F93E-3938-4536-8993-CB7BE2C59C57", versionEndExcluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.9 podría permitir a un usuario eludir las restricciones de acceso previstas y realizar modificaciones de recursos.", }, ], id: "CVE-2024-45098", lastModified: "2024-09-06T13:01:44.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-05T16:15:08.283", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7167255", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-650", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-21 15:15
Modified
2024-11-21 07:53
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249845 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249845 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| ibm | aspera_faspex | 4.4.2 | |
| ibm | aspera_faspex | 4.4.2 | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "BFC015A7-A006-4441-942B-89A6B9A76BF8", versionEndIncluding: "4.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*", matchCriteriaId: "60433D3C-FA1F-43F2-AB2B-BF4B039A97B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:*", matchCriteriaId: "CC992C37-4065-492D-95C1-DC28B39E8B81", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.", }, ], id: "CVE-2023-27874", lastModified: "2024-11-21T07:53:37.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-21T15:15:12.633", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249845", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 21:15
Modified
2024-11-21 06:46
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto obtener información confidencial, causada por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensbile mediante técnicas de man-in-the-middle. ID de IBM X-Force: 222576.", }, ], id: "CVE-2022-22405", lastModified: "2024-11-21T06:46:45.687", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T21:15:44.140", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222576", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-311", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-311", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-21 15:15
Modified
2025-02-25 20:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| ibm | aspera_faspex | 4.4.2 | |
| ibm | aspera_faspex | 4.4.2 | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "BFC015A7-A006-4441-942B-89A6B9A76BF8", versionEndIncluding: "4.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*", matchCriteriaId: "60433D3C-FA1F-43F2-AB2B-BF4B039A97B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:*", matchCriteriaId: "CC992C37-4065-492D-95C1-DC28B39E8B81", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.", }, ], id: "CVE-2023-27871", lastModified: "2025-02-25T20:15:32.610", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-21T15:15:12.477", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249613", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 17:15
Modified
2024-11-21 07:21
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "055F62A0-D9E6-4FE6-83B2-0F9BAFF12FE8", versionEndIncluding: "5.0.7", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a una seguridad más débil de lo esperado. ID de IBM X-Force: 236452.", }, ], id: "CVE-2022-40745", lastModified: "2024-11-21T07:21:58.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T17:15:51.193", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236452", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 17:15
Modified
2024-11-21 08:11
Severity ?
3.6 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/259672 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/259672 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "055F62A0-D9E6-4FE6-83B2-0F9BAFF12FE8", versionEndIncluding: "5.0.7", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga o modifique información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259672.", }, ], id: "CVE-2023-37397", lastModified: "2024-11-21T08:11:38.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T17:15:51.590", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259672", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "psirt@us.ibm.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-21 15:15
Modified
2024-11-21 07:53
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6964694 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| ibm | aspera_faspex | 4.4.2 | |
| ibm | aspera_faspex | 4.4.2 | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "BFC015A7-A006-4441-942B-89A6B9A76BF8", versionEndIncluding: "4.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*", matchCriteriaId: "60433D3C-FA1F-43F2-AB2B-BF4B039A97B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:*", matchCriteriaId: "CC992C37-4065-492D-95C1-DC28B39E8B81", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.\n\n", }, ], id: "CVE-2023-27873", lastModified: "2024-11-21T07:53:36.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-21T15:15:12.543", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249654", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6964694", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 22:15
Modified
2024-11-21 06:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar información confidencial sobre la aplicación web, causada por una configuración insegura. ID de IBM X-Force: 222592.", }, ], id: "CVE-2022-22409", lastModified: "2024-11-21T06:46:45.813", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T22:15:09.933", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222592", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-16 13:15
Modified
2025-02-26 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249847 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6963662 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249847 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6963662 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | 5.0.4 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D99D40A3-8AF9-4A89-A53C-CC5C3FC5E240", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.", }, ], id: "CVE-2023-27875", lastModified: "2025-02-26T15:15:19.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-16T13:15:10.543", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249847", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6963662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/249847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6963662", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-05 16:15
Modified
2024-09-06 12:34
Severity ?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7167255 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "D7E7F93E-3938-4536-8993-CB7BE2C59C57", versionEndExcluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.9 podría permitir que un usuario con acceso al paquete obtenga información confidencial a través de un listado de directorio.", }, ], id: "CVE-2024-45096", lastModified: "2024-09-06T12:34:17.957", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Primary", }, ], }, published: "2024-09-05T16:15:07.810", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7167255", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-548", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-05 20:16
Modified
2025-01-14 20:30
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | 5.0.0 | |
| ibm | aspera_faspex | 5.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6D544CB4-DA28-49C7-80B9-7CF162769725", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "143B5F6D-C033-4012-AB0A-E3D47162CD93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 y 5.0.1 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir a un atacante realizar varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. ID de IBM X-Force: 222562.", }, ], id: "CVE-2022-22399", lastModified: "2025-01-14T20:30:07.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-05T20:16:00.620", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6618959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6618959", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-644", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-11 03:15
Modified
2025-01-07 21:10
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "055F62A0-D9E6-4FE6-83B2-0F9BAFF12FE8", versionEndIncluding: "5.0.7", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido al cifrado inadecuado de ciertos datos.", }, ], id: "CVE-2023-37395", lastModified: "2025-01-07T21:10:50.467", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-12-11T03:15:04.877", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 16:15
Modified
2024-12-19 15:41
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "98D516C2-281F-466B-87E3-39CD885B2039", versionEndExcluding: "5.0.8", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 244119.", }, ], id: "CVE-2023-22869", lastModified: "2024-12-19T15:41:55.077", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T16:15:09.227", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244119", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 21:15
Modified
2024-11-21 07:48
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 no restringe ni restringe incorrectamente el acceso a un recurso de un actor no autorizado. ID de IBM X-Force: 246713.", }, ], id: "CVE-2023-24965", lastModified: "2024-11-21T07:48:51.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T21:15:44.860", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/246713", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/246713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 16:15
Modified
2024-12-19 15:40
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "98D516C2-281F-466B-87E3-39CD885B2039", versionEndExcluding: "5.0.8", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259671.", }, ], id: "CVE-2023-37396", lastModified: "2024-12-19T15:40:24.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T16:15:09.430", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259671", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 22:15
Modified
2024-11-21 06:46
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar o persuadir a un usuario ingenuo para que proporcione información sensible. ID de IBM X-Force: 222567.", }, ], id: "CVE-2022-22401", lastModified: "2024-11-21T06:46:45.293", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T22:15:09.533", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222567", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-311", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-05 01:15
Modified
2024-11-21 08:08
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.", }, { lang: "es", value: "IBM Aspera Faspex v5.0.5 podría permitir a un atacante remoto saltarse las restricciones de IP debido a controles de acceso inadecuados. ID de IBM X-Force: 259649. ", }, ], id: "CVE-2023-35906", lastModified: "2024-11-21T08:08:57.530", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-05T01:15:07.920", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-291", }, ], source: "psirt@us.ibm.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 22:15
Modified
2024-11-21 06:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría provocar la divulgación de credenciales dentro de una sesión de confianza. ID de IBM X-Force: 222571.", }, ], id: "CVE-2022-22402", lastModified: "2024-11-21T06:46:45.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T22:15:09.737", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222571", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/222571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 14:15
Modified
2024-12-19 15:41
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "98D516C2-281F-466B-87E3-39CD885B2039", versionEndExcluding: "5.0.8", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir a un usuario local escalar sus privilegios debido a un almacenamiento de credenciales inseguro. ID de IBM X-Force: 259677.", }, ], id: "CVE-2023-37400", lastModified: "2024-12-19T15:41:42.607", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T14:15:10.513", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259677", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259677", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148631", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-17 17:15
Modified
2024-11-21 07:45
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6952319 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6952319 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| ibm | aspera_faspex | 4.4.1 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "CB591FF8-E10F-422D-9B82-0B16FDC59451", versionEndIncluding: "4.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.1:patch_level_1:*:*:*:*:*:*", matchCriteriaId: "58689E6B-15F4-40C8-B5BF-6320F5195511", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.", }, ], id: "CVE-2023-22868", lastModified: "2024-11-21T07:45:33.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-17T17:15:11.777", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-24 22:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/226951 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6589601 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/226951 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6589601 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | 4.4.1 | |
| ibm | aspera_faspex | 5.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "67F486E5-FE91-4667-8AB5-574A26D8E8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6D544CB4-DA28-49C7-80B9-7CF162769725", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.", }, { lang: "es", value: "IBM Aspera Faspex versiones 4.4.1 y 5.0.0, podrían permitir el acceso no autorizado debido a un token de seguridad calculado incorrectamente. IBM X-Force ID: 226951", }, ], id: "CVE-2022-22497", lastModified: "2024-11-21T06:46:54.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T22:15:10.017", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226951", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6589601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/226951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6589601", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 12:15
Modified
2025-01-14 20:22
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "436899BB-851D-48D8-A63F-CEE71331E1B8", versionEndIncluding: "5.0.6", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.6 es vulnerable a Cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 260139.", }, ], id: "CVE-2023-37411", lastModified: "2025-01-14T20:22:28.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-28T12:15:08.360", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/260139", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7154977", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/260139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7154977", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-08 21:15
Modified
2024-11-21 08:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.5 podría permitir a un actor malicioso eludir las restricciones de la lista blanca de IPs utilizando una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 254268.", }, ], id: "CVE-2023-30995", lastModified: "2024-11-21T08:01:12.387", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-08T21:15:45.027", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254268", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "psirt@us.ibm.com", url: "https://www.ibm.com/support/pages/node/7048851", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.ibm.com/support/pages/node/7048851", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-17 16:15
Modified
2025-03-07 17:06
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6952319 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6952319 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| ibm | aspera_faspex | 4.4.2 | |
| ibm | aspera_faspex | 4.4.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{ cisaActionDue: "2023-03-14", cisaExploitAdd: "2023-02-21", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "IBM Aspera Faspex Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "CB591FF8-E10F-422D-9B82-0B16FDC59451", versionEndIncluding: "4.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:-:*:*:*:*:*:*", matchCriteriaId: "D3340C9C-759E-4DAB-8C52-4040D27C67F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*", matchCriteriaId: "60433D3C-FA1F-43F2-AB2B-BF4B039A97B0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.", }, { lang: "es", value: "IBM Aspera Faspex 4.4.2 Patch Level 1 y anteriores podrían permitir que un atacante remoto ejecute código arbitrario en el sistema, causado por una falla de deserialización de YAML. Al enviar una llamada API obsoleta especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. La llamada API obsoleta se eliminó en Faspex 4.4.2 PL2. ID de IBM X-Force: 243512.", }, ], id: "CVE-2022-47986", lastModified: "2025-03-07T17:06:39.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-17T16:15:10.873", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/243512", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/243512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6952319", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 17:15
Modified
2024-11-21 07:52
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7148632 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "055F62A0-D9E6-4FE6-83B2-0F9BAFF12FE8", versionEndIncluding: "5.0.7", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario provoque una denegación de servicio debido a la falta de limitación de velocidad de API. ID de IBM X-Force: 248533.", }, ], id: "CVE-2023-27279", lastModified: "2024-11-21T07:52:34.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T17:15:51.400", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7148632", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-799", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-05 16:15
Modified
2024-09-06 12:51
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7167255 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "D7E7F93E-3938-4536-8993-CB7BE2C59C57", versionEndExcluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.9 podría permitir a un usuario eludir las restricciones de acceso previstas y realizar modificaciones de recursos.", }, ], id: "CVE-2024-45097", lastModified: "2024-09-06T12:51:59.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-05T16:15:08.050", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7167255", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-650", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-436", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-29 17:15
Modified
2025-03-04 21:47
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7181814 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "A9FCEC50-B898-4268-964D-F81A02E15F27", versionEndIncluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.10 podrían revelar información confidencial del nombre de usuario debido a una discrepancia de respuesta observable.", }, ], id: "CVE-2023-37413", lastModified: "2025-03-04T21:47:48.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-29T17:15:26.800", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7181814", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-204", }, ], source: "psirt@us.ibm.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-29 17:15
Modified
2025-03-04 21:53
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7181814 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "A9FCEC50-B898-4268-964D-F81A02E15F27", versionEndIncluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.10 podría permitir que un usuario privilegiado realice cambios sistema sin los controles de acceso adecuados.", }, ], id: "CVE-2023-37412", lastModified: "2025-03-04T21:53:39.277", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-29T17:15:26.657", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7181814", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-250", }, ], source: "psirt@us.ibm.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-02 04:15
Modified
2024-11-21 07:21
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7111778 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7111778 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "ABF452E0-F75E-4AF0-9DFF-D31CFC91F652", versionEndExcluding: "5.0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 236441.", }, ], id: "CVE-2022-40744", lastModified: "2024-11-21T07:21:58.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-02T04:15:07.700", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236441", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7111778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/236441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7111778", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-29 17:15
Modified
2025-03-05 15:39
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7181814 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "A9FCEC50-B898-4268-964D-F81A02E15F27", versionEndIncluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.10 no requiere que los usuarios tengan contraseñas seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de usuario.", }, ], id: "CVE-2023-35907", lastModified: "2025-03-05T15:39:52.723", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-29T17:15:26.350", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7181814", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-521", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-29 17:15
Modified
2025-03-05 15:35
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7181814 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "A9FCEC50-B898-4268-964D-F81A02E15F27", versionEndIncluding: "5.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.", }, { lang: "es", value: "IBM Aspera Faspex 5.0.0 a 5.0.10 no requiere que los usuarios tengan contraseñas seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de usuario.", }, ], id: "CVE-2023-37398", lastModified: "2025-03-05T15:35:57.450", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-29T17:15:26.513", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7181814", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-521", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-05 01:15
Modified
2024-11-21 07:45
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7029681 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | aspera_faspex | * | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", matchCriteriaId: "E98E1987-F57F-48E0-B65E-3EA019915989", versionEndIncluding: "5.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.", }, { lang: "es", value: "IBM Aspera Faspex v5.0.5 transmite información sensible en texto claro que podría ser obtenida por un atacante utilizando técnicas de \"man in the middle\". IBM X-Force ID: 244121.", }, ], id: "CVE-2023-22870", lastModified: "2024-11-21T07:45:33.363", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-05T01:15:07.360", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244121", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7029681", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }