Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176 "Business Unit":"code":"BU059","label":"IBM Software w/o...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand,

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ... "Business Unit":"code":"BU059","label":"IBM...

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.2 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP reque...

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Faspex

Summary Multiple Vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.1 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking...

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36227

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

EUVD-2025-208513

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

EUVD-2025-208514

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

EUVD-2025-208512

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

EUVD-2025-208515

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

CVE-2025-36227

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

CVE-2025-36227

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36226 Multiple vulnerabilities in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36226 Multiple vulnerabilities in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36226

CVE-2025-36226 affects IBM Aspera Faspex 5.0.0 through 5.0.14.3. A cross-site scripting flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: improper handling of input in the Web UI. I...

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...