Aspera Faspex Security Vulnerabilities and Issues — Aspera Faspex CVE List

Lucene search

IbmAspera Faspex

13 matches found

CVE•added 2024/03/05 8:16 p.m.•81 views

CVE-2022-22399

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Fo...

6.5CVSS5.3AI score0.00077EPSS

CVE•added 2024/04/19 5:15 p.m.•76 views

CVE-2023-27279

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.

6.5CVSS6.3AI score0.00063EPSS

CVE•added 2024/12/11 3:15 a.m.•60 views

CVE-2023-37395

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

3.3CVSS3.2AI score0.00025EPSS

CVE•added 2024/04/19 5:15 p.m.•60 views

CVE-2023-37397

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.

4.4CVSS5.7AI score0.00008EPSS

CVE•added 2024/04/19 4:15 p.m.•56 views

CVE-2023-22869

IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2024/05/28 12:15 p.m.•51 views

CVE-2023-37411

IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.

5.4CVSS4.8AI score0.00068EPSS

CVE•added 2024/04/19 4:15 p.m.•47 views

CVE-2023-37396

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.

5.5CVSS5.5AI score0.00008EPSS

CVE•added 2024/04/19 5:15 p.m.•41 views

CVE-2022-40745

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.

5.5CVSS5.5AI score0.0001EPSS

CVE•added 2024/04/19 2:15 p.m.•41 views

CVE-2023-37400

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.

7.8CVSS6.4AI score0.00019EPSS

CVE•added 2024/09/05 4:15 p.m.•41 views

CVE-2024-45098

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

8.1CVSS6.8AI score0.00098EPSS

CVE•added 2024/09/05 4:15 p.m.•39 views

CVE-2024-45096

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

6.5CVSS6.2AI score0.00141EPSS

CVE•added 2024/09/05 4:15 p.m.•39 views

CVE-2024-45097

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

7.1CVSS5.8AI score0.00078EPSS

CVE•added 2024/02/02 4:15 a.m.•33 views

CVE-2022-40744

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.

5.4CVSS5.1AI score0.00055EPSS