7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Aspera Web Applications (Faspex, Console) and On Demand products have addressed the following OpenSSL vulnerability.
CVEID:CVE-2017-7468 *DESCRIPTION: ** No CVE description.
CVSS Base Score: 3.1
CVSS Temporal Score: See [Not Applicable](<https://psirt.raleigh.ibm.com/teamworks/Not Applicable>) for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Aspera Faspex 4.1.0
IBM Aspera Console 3.2.0
IBM Aspera Faspex Server on Demand 3.7.3
For IBM Aspera (Faspex, Console) the issue can be fixed by downloading the following new versions.
On Demand customers should download a related product release for their On Demand image from the following.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Aspera Faspex | 4.2.0 or Higher | None | <https://downloads.asperasoft.com/en/downloads/6> |
IBM Aspera Console | 3.3.0 or Higher | None | <https://downloads.asperasoft.com/en/downloads/34> |
CPE | Name | Operator | Version |
---|---|---|---|
ibm aspera | eq | any |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N