Lucene search

IbmCVELIST:CVE-2024-45097

HistorySep 05, 2024 - 3:35 p.m.

CVE-2024-45097 IBM Aspera Faspex bypass security

2024-09-0515:35:56

CWE-650

ibm

www.cve.org

ibm

aspera

faspex

security

bypass

access restrictions

resource modification

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Aspera Faspex",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "5.0.9",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/7167255

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for CVELIST:CVE-2024-45097