499 matches found
CVE-2025-36230
CVE-2025-36230 - IBM Aspera Faspex HTML injection is documented in the IBM Security Bulletin. Faspex 5.0.0–5.0.14.1 allows a remote attacker to inject malicious HTML that executes in the victim’s browser within the hosting site’s security context. Mitigation: upgrade Faspex to version 5.0.14.2 (L...
CVE-2025-36230 XSS in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-36230 XSS in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
EUVD-2025-205440
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...
CVE-2025-36229 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...
CVE-2025-36229
IBM Aspera Faspex 5.x (versions 5.0.0–5.0.14.1) is affected by CVE-2025-36229. Authenticated users may enumerate package identifiers to reveal sensitive data due to an information exposure issue. This is specific to Faspex 5 and arises from the way package metadata can be enumerated, enabling dis...
CVE-2025-36229 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...
EUVD-2025-205441
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...
CVE-2025-36228
CVE-2025-36228 affects IBM Aspera Faspex 5 (versions 5.0.0–5.0.14.1). The issue is inconsistent permissions between the UI and backend API, allowing users to access features that appeared disabled and potentially leading to misuse. Red Hat, CIRCL, NVD, and other feeds corroborate the same descrip...
IBM Aspera Faspex 安全漏洞
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which stems from inconsistent permissions between the user interface and...
IBM Aspera Faspex 安全漏洞
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which originates from an authenticated user who may be able to enumerate...
PT-2025-53587
Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description Authenticated users may be able to enumerate sensitive information regarding data due dates by enumerating package identifiers. The issue involves the potential disclosure of data...
PT-2025-53588
Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex versions 5.0.0 through 5.0.14.1 Description The software is susceptible to HTML injection. A remote attacker can inject malicious HTML code that, when viewed, executes within the victim’s web browser in the security context o...
PT-2025-53586
Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description The software may have inconsistent permissions between the user interface and backend API. This could allow users to access features that appear disabled, potentially leading to...
IBM Aspera Faspex 安全漏洞
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which originates from a remote attacker who can inject malicious HTML code th...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2 Vulnerability Details CVEID:CVE-2025-36228 DESCRIPTION: IBM Aspera Faspex 5 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled,...
IBM Aspera Faspex Input Validation Error Vulnerability
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...
Unspecified Vulnerability in IBM Aspera Faspex
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 that stems from a cross-domain policy file containing domains that shoul...