Lucene search
K

233 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.32 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
OSV
OSV
added 2026/03/10 8:16 p.m.5 views

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.5AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 7:59 p.m.16 views

CVE-2025-36226

CVE-2025-36226 affects IBM Aspera Faspex 5.0.0 through 5.0.14.3. A cross-site scripting flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: improper handling of input in the Web UI. I...

5.4CVSS5.4AI score0.0021EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 7:57 p.m.4 views

CVE-2025-36227

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

IBM Aspera Faspex 跨站脚本漏洞

IBM Aspera Faspex is a solution developed by IBM for rapid global personal-to-person file delivery and collaboration. Versions 5.5.0 to 5.0.14.3 of IBM Aspera Faspex contain a cross-site scripting vulnerability. This vulnerability stems from allowing authenticated users to embed arbitrary...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24406

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 3:15 p.m.5 views

CVE-2025-36229

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers...

4.3CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 2:22 p.m.4 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.2AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 2:22 p.m.32 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2025/12/26 2:15 p.m.19 views

CVE-2025-36229

IBM Aspera Faspex 5.x (versions 5.0.0–5.0.14.1) is affected by CVE-2025-36229. Authenticated users may enumerate package identifiers to reveal sensitive data due to an information exposure issue. This is specific to Faspex 5 and arises from the way package metadata can be enumerated, enabling dis...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/26 2:11 p.m.30 views

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

3.8CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 2:15 p.m.22 views

CVE-2025-36171

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...

4.9CVSS0.00299EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 2:15 p.m.3 views

CVE-2025-36171

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...

4.9CVSS5.8AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 2:15 p.m.7 views

CVE-2023-37401

IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted...

5.3CVSS0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 1:57 p.m.12 views

EUVD-2025-33345

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...

4.9CVSS6AI score0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/09 1:56 p.m.3 views

CVE-2025-36225 IBM Aspera Faspex information disclosure

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 1:56 p.m.8 views

CVE-2025-36225 IBM Aspera Faspex information disclosure

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...

4.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 1:56 p.m.38 views

CVE-2025-36225

CVE-2025-36225 concerns IBM Aspera Faspex information disclosure: Aspera Faspex versions 5.0.0–5.0.13.1 may disclose sensitive user information to an authenticated user due to an observable discrepancy in returned data. The IBM advisory (IBM Aspera Faspex security bulletin) lists this CVE among m...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.3 views

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...

4.9CVSS6.4AI score0.00299EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-41312

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder