233 matches found
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar
Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
CVE-2025-36226
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36226
CVE-2025-36226 affects IBM Aspera Faspex 5.0.0 through 5.0.14.3. A cross-site scripting flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: improper handling of input in the Web UI. I...
CVE-2025-36227
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...
IBM Aspera Faspex 跨站脚本漏洞
IBM Aspera Faspex is a solution developed by IBM for rapid global personal-to-person file delivery and collaboration. Versions 5.5.0 to 5.0.14.3 of IBM Aspera Faspex contain a cross-site scripting vulnerability. This vulnerability stems from allowing authenticated users to embed arbitrary...
PT-2026-24406
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36229
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...
CVE-2025-36230 XSS in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-36230 XSS in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-36229
IBM Aspera Faspex 5.x (versions 5.0.0–5.0.14.1) is affected by CVE-2025-36229. Authenticated users may enumerate package identifiers to reveal sensitive data due to an information exposure issue. This is specific to Faspex 5 and arises from the way package metadata can be enumerated, enabling dis...
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...
CVE-2025-36171
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...
CVE-2025-36171
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...
CVE-2023-37401
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted...
EUVD-2025-33345
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...
CVE-2025-36225 IBM Aspera Faspex information disclosure
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...
CVE-2025-36225 IBM Aspera Faspex information disclosure
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...
CVE-2025-36225
CVE-2025-36225 concerns IBM Aspera Faspex information disclosure: Aspera Faspex versions 5.0.0–5.0.13.1 may disclose sensitive user information to an authenticated user due to an observable discrepancy in returned data. The IBM advisory (IBM Aspera Faspex security bulletin) lists this CVE among m...
IBM Aspera Faspex 安全漏洞
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...
EUVD-2023-41312
Malicious code in bioql PyPI...