IBM2B90713172E9C9FD36B463548980539C7466B6F781E6F889B53EAF8918AA80B2Security Bulletin: IBM Aspera Faspex is vulnerable to privilege escalation for local users.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Summary
IBM Aspera Faspex has addressed a vulnerability due to insecure credential storage ( CVE-2023-37400)
Vulnerability Details
CVEID:CVE-2023-37400
**DESCRIPTION:**IBM Aspera Faspex could allow a local user to escalate their privileges due to insecure credential storage.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Aspera Faspex 5 | 5.0.0 - 5.0.7 |
Remediation/Fixes
It is recommended to apply the fix as soon as possible, see link below.
| Product | Fixing VRM | Platform | Link to Fix |
|---|---|---|---|
| IBM Aspera Faspex |
5.0.8
| Linux| click here
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm aspera faspex on demand | eq | 3.7 | |
| ibm aspera enterprise on demand | eq | 1.1 | |
| ibm aspera enterprise | eq | 1.0 | |
| ibm aspera | eq | 1.0 | |
| ibm aspera faspex | eq | 5.0.8 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%