History: May 27, 2024 - 3:11 p.m.

Security Bulletin: IBM Aspera Faspex 5 has addressed a cross-site scripting vulnerability (CVE-2023-37411)

2024-05-27 15:11:27
www.ibm.com
Keywords: ibm aspera faspex, cross-site scripting, vulnerability, credentials disclosure, upgrade, fix, version 5.0.9, linux

CVSS3: 4.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.8 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Summary

IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

CVEID: CVE-2023-37411
**DESCRIPTION:** IBM Aspera Faspex is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| Aspera Faspex 5 | 5.0.0 - 5.0.6 |

Remediation/Fixes

It is recommended that customers upgrade to the latest version of IBM Aspera Console:

| Product | Fixing VRM | Platform | Link to Fix |
|---|---|---|---|
| IBM Aspera Faspex | 5.0.9 | Linux | click here |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm aspera_faspex_on_demand, match 3.7
OR
ibm aspera_server_on_demand, match 1.1
OR
ibm aspera_faspex, match 1.0
OR
ibm aspera_faspex, match 1.0
OR
ibm aspera_faspex, match 5.0
