Sep 04, 2024 - 5:20 p.m.

Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2024-45097, CVE-2024-45096, CVE-2024-45098)

2024-09-04 17:20:36
www.ibm.com
ibm aspera faspex
vulnerabilities
cve-2024-45097
cve-2024-45096
cve-2024-45098
remediation
linux
directory listing
resource modification

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2
Confidence: Low

EPSS: 0.001
Percentile: 20.1%

Summary

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.10.

Vulnerability Details

CVEID: CVE-2024-45097
**DESCRIPTION:** IBM Aspera Faspex could allow a user to bypass intended access restrictions and conduct resource modification.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/352470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N)

CVEID: CVE-2024-45096
**DESCRIPTION:** IBM Aspera Faspex could allow a user with access to the package to obtain sensitive information through a directory listing.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/352464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2024-45098
**DESCRIPTION:** IBM Aspera Faspex could allow a user to bypass intended access restrictions and conduct resource modification.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/352482 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| Aspera Faspex 5 | 5.0.0 - 5.0.9 |

Remediation/Fixes

It is recommended to apply the fix as soon as possible; see the link below.

| Product | Fixing VRM | Platform | Link to Fix |
|---|---|---|---|
| IBM Aspera Faspex | 5.0.10 | Linux | click here |

Workarounds and Mitigations

None

Affected configurations

Vulners

Node:
ibm aspera_server_on_demand Match 1.0
OR
ibm aspera_faspex Match 1.0
OR
ibm aspera_server_on_demand Match 1.1
OR
ibm aspera_faspex_on_demand Match 3.7
OR
ibm aspera_faspex Match 5.0
OR
ibm aspera_faspex Match 1.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aspera_server_on_demand | 1.0 | cpe:2.3:a:ibm:aspera_server_on_demand:1.0:*:*:*:*:*:*:* |
| ibm | aspera_faspex | 1.0 | cpe:2.3:a:ibm:aspera_faspex:1.0:*:*:*:*:*:*:* |
| ibm | aspera_server_on_demand | 1.1 | cpe:2.3:a:ibm:aspera_server_on_demand:1.1:*:*:*:*:*:*:* |
| ibm | aspera_faspex_on_demand | 3.7 | cpe:2.3:a:ibm:aspera_faspex_on_demand:3.7:*:*:*:*:*:*:* |
| ibm | aspera_faspex | 5.0 | cpe:2.3:a:ibm:aspera_faspex:5.0:*:*:*:*:*:*:* |
