CVSS3: 7.5 High
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.003 Low (Percentile: 68.5%)

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera High-Speed Transfer Server 4.4.1 and Aspera High-Speed Transfer Endpoint 4.4.1.
CVEID: CVE-2022-27774
**DESCRIPTION:** cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the “same host check” feature during cross-protocol redirects. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain credential information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225294 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-27776
**DESCRIPTION:** cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain authentication or cookie header data, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225296 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-27775
**DESCRIPTION:** cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a logic error in the config matching function. By sending a specially-crafted request using IPv6, an attacker could exploit this vulnerability to cause libcurl to reuse the wrong connection to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
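To illustrate the “same host check” named in CVE-2022-27774 above, the following is an added example (not libcurl or IBM code) of a redirect policy that forwards credential headers only when scheme, host and port all match. The function names, the default-port table, the list of sensitive headers and the sample URLs are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumption: default ports applied when a URL carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "ftps": 990}
# Assumption: headers this example treats as credential-bearing.
SENSITIVE = {"authorization", "cookie", "proxy-authorization"}


def origin(url):
    """Return (scheme, host, port) normalised for comparison."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname lower-cases the host and strips the brackets of IPv6 literals.
    host = (parts.hostname or "").rstrip(".")
    try:
        port = parts.port
    except ValueError:          # malformed port: treat as unknown
        port = None
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def same_origin(a, b):
    """True only if scheme, host and port are all known and identical."""
    oa, ob = origin(a), origin(b)
    # Fail closed: an empty host or an unknown port never counts as a match.
    if not oa[1] or not ob[1] or oa[2] is None or ob[2] is None:
        return False
    return oa == ob


def headers_for_redirect(headers, from_url, to_url):
    """Return the headers that may follow a redirect from from_url to to_url."""
    if same_origin(from_url, to_url):
        return dict(headers)
    # Comparing the host name alone is not enough: a redirect to another
    # protocol or port on the same name reaches a different service.
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}
    for target in ("https://a.example/next", "http://a.example/next",
                   "https://a.example:8443/next", "ftp://a.example/next"):
        sent = headers_for_redirect(hdrs, "https://a.example/start", target)
        print(target, "->", sorted(sent))
```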
IBM Aspera High-Speed Transfer Server 4.4.0 and earlier
IBM Aspera High-Speed Transfer Endpoint 4.4.0 and earlier
The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.4.1 and IBM Aspera High-Speed Transfer Endpoint V4.4.1. The recommended solution is to apply the fix as soon as possible:
Product(s) | Fixing VRM | Platform | Link to Fix |
---|---|---|---|
IBM Aspera High-Speed Transfer Server | 4.4.1 | AIX | click here |
IBM Aspera High-Speed Transfer Server | 4.4.1 | Linux | click here |
IBM Aspera High-Speed Transfer Server | 4.4.1 | Linux PPC | click here |
IBM Aspera High-Speed Transfer Server | 4.4.1 | Linux zSeries | click here |
IBM Aspera High-Speed Transfer Server | 4.4.1 | Mac OSX | click here |
IBM Aspera High-Speed Transfer Server | 4.4.1 | Windows | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | AIX | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | Linux | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | Linux PPC | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | Linux zSeries | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | Mac OSX | click here |
IBM Aspera High-Speed Transfer Endpoint | 4.4.1 | Windows | click here |
None
CPE | Name | Operator | Version |
---|---|---|---|
aspera high-speed sync | eq | 4.0.0 |