Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aspera_faspex
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-05 | CVE-2022-22399 | IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562. | Aspera_faspex | 6.5 | ||
| 2024-05-28 | CVE-2023-37411 | IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. | Aspera_faspex | 5.4 | ||
| 2024-12-11 | CVE-2023-37395 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | Aspera_faspex | 3.3 | ||
| 2024-04-19 | CVE-2023-37400 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. | Aspera_faspex | 7.8 | ||
| 2024-04-19 | CVE-2023-22869 | IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. | Aspera_faspex | 5.5 | ||
| 2024-04-19 | CVE-2023-37396 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. | Aspera_faspex | 5.5 | ||
| 2022-05-24 | CVE-2022-22497 | IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. | Aspera_faspex | 7.5 | ||
| 2023-02-17 | CVE-2022-47986 | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | Aspera_faspex | 9.8 |