Lucene search

IbmCVELIST:CVE-2024-45096

HistorySep 05, 2024 - 3:34 p.m.

CVE-2024-45096 IBM Aspera Faspex information disclosure

2024-09-0515:34:22

CWE-548

ibm

www.cve.org

ibm

aspera

faspex

information disclosure

vulnerability

directory listing

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Aspera Faspex",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "5.0.9",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/7167255

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2024-45096