IBM98BCEA63B5F0044FD449951BBAF522F0FCB0225515998498934FCEEC2EF13157Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391)
0.001 Low
EPSS
Percentile
19.5%
Summary
IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information (CVE-2022-22391) by allowing authenticated users to obtain information they should not be able to access.
Vulnerability Details
CVEID:CVE-2022-22391
**DESCRIPTION:**IBM Aspera could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222059 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Aspera High-Speed Transfer Endpoint | 4.3.1 and earlier |
| IBM Aspera High-Speed Transfer Server | 4.3.1 and earlier |
Remediation/Fixes
The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0.
| Product | VRMF |
|---|---|
| IBM Aspera High-Speed Transfer Server | 4.3.2 |
| IBM Aspera High-Speed Transfer Endpoint | 4.3.2 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| aspera high-speed sync | eq | 4.0.0 |
Related
0.001 Low
EPSS
Percentile
19.5%