Lucene search
+L

499 matches found

CVE
CVE
added 2025/12/26 2:22 p.m.20 views

CVE-2025-36230

CVE-2025-36230 - IBM Aspera Faspex HTML injection is documented in the IBM Security Bulletin. Faspex 5.0.0–5.0.14.1 allows a remote attacker to inject malicious HTML that executes in the victim’s browser within the hosting site’s security context. Mitigation: upgrade Faspex to version 5.0.14.2 (L...

5.4CVSS6.2AI score0.00166EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/26 2:22 p.m.4 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.2AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 2:22 p.m.32 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/26 2:15 p.m.6 views

EUVD-2025-205440

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...

3.1CVSS5.7AI score0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/26 2:15 p.m.3 views

CVE-2025-36229 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...

3.1CVSS5.8AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/12/26 2:15 p.m.24 views

CVE-2025-36229

IBM Aspera Faspex 5.x (versions 5.0.0–5.0.14.1) is affected by CVE-2025-36229. Authenticated users may enumerate package identifiers to reveal sensitive data due to an information exposure issue. This is specific to Faspex 5 and arises from the way package metadata can be enumerated, enabling dis...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/26 2:15 p.m.34 views

CVE-2025-36229 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...

3.1CVSS0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 2:11 p.m.4 views

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

3.8CVSS6.3AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 2:11 p.m.32 views

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

3.8CVSS0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/26 2:11 p.m.4 views

EUVD-2025-205441

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

3.8CVSS6.2AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2025/12/26 2:11 p.m.15 views

CVE-2025-36228

CVE-2025-36228 affects IBM Aspera Faspex 5 (versions 5.0.0–5.0.14.1). The issue is inconsistent permissions between the UI and backend API, allowing users to access features that appeared disabled and potentially leading to misuse. Red Hat, CIRCL, NVD, and other feeds corroborate the same descrip...

3.8CVSS6.3AI score0.00203EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which stems from inconsistent permissions between the user interface and...

3.8CVSS6.4AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which originates from an authenticated user who may be able to enumerate...

4.3CVSS6.1AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.7 views

PT-2025-53587

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description Authenticated users may be able to enumerate sensitive information regarding data due dates by enumerating package identifiers. The issue involves the potential disclosure of data...

4.3CVSS6AI score0.00219EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.6 views

PT-2025-53588

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex versions 5.0.0 through 5.0.14.1 Description The software is susceptible to HTML injection. A remote attacker can inject malicious HTML code that, when viewed, executes within the victim’s web browser in the security context o...

5.4CVSS6.6AI score0.00166EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.7 views

PT-2025-53586

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description The software may have inconsistent permissions between the user interface and backend API. This could allow users to access features that appear disabled, potentially leading to...

3.8CVSS6.5AI score0.00203EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.7 views

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which originates from a remote attacker who can inject malicious HTML code th...

5.4CVSS6.7AI score0.00166EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/18 8:0 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2 Vulnerability Details CVEID:CVE-2025-36228 DESCRIPTION: IBM Aspera Faspex 5 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled,...

5.4CVSS6.2AI score0.00219EPSS
Exploits0Affected Software6
CNVD
CNVD
added 2025/10/21 12:0 a.m.5 views

IBM Aspera Faspex Input Validation Error Vulnerability

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...

4.9CVSS6.7AI score0.00299EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/21 12:0 a.m.4 views

Unspecified Vulnerability in IBM Aspera Faspex

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 that stems from a cross-domain policy file containing domains that shoul...

5.3CVSS6.8AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder