Lucene search

IbmCVE-2024-45096

HistorySep 05, 2024 - 4:15 p.m.

CVE-2024-45096

2024-09-0516:15:07

CWE-548

ibm

web.nvd.nist.gov

ibm

aspera

faspex

5.0.0

5.0.9

vulnerability

sensitive information

directory listing

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

Affected configurations

Nvd

Vulners

Node

ibmaspera_faspexRange5.0.0–5.0.10

VendorProductVersionCPE
ibmaspera_faspex*cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aspera_faspex	*	cpe:2.3:a:ibm:aspera_faspex::::::::

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Aspera Faspex",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "5.0.9",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/7167255

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2024-45096