cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-35907,https://securityvulnerability.io/vulnerability/CVE-2023-35907,Weak Password Policy in IBM Aspera Faspex Affects User Account Security,"IBM Aspera Faspex versions 5.0.0 to 5.0.10 are impacted by a vulnerability that stems from a default configuration allowing weak password requirements. This oversight enables attackers to exploit user accounts more easily, posing significant risks to account security and integrity. Organizations using these versions should assess their configurations and implement strong password policies to safeguard their systems.",IBM,Aspera Faspex,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-29T16:37:06.966Z,0
CVE-2023-37413,https://securityvulnerability.io/vulnerability/CVE-2023-37413,Information Disclosure Vulnerability in IBM Aspera Faspex by IBM,IBM Aspera Faspex version 5.0.0 through 5.0.10 is susceptible to a vulnerability that allows for the disclosure of sensitive username information. This issue arises from a detectable response discrepancy that attackers might exploit to gain unauthorized access to user credentials. Users of the affected versions should implement necessary patches to safeguard against potential breaches.,IBM,Aspera Faspex,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-29T16:36:24.872Z,0
CVE-2023-37398,https://securityvulnerability.io/vulnerability/CVE-2023-37398,Account Compromise Risk in IBM Aspera Faspex by Weak Password Policy,"The IBM Aspera Faspex application versions 5.0.0 through 5.0.10 are susceptible to a vulnerability that allows users to set weak passwords by default. This lack of enforced password strength can lead to increased risk of unauthorized access, as attackers may exploit this weakness to compromise user accounts. Organizations using these versions should review their password policies and consider implementing stronger authentication measures to mitigate potential risks.",IBM,Aspera Faspex,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-29T16:35:45.779Z,0
CVE-2023-37412,https://securityvulnerability.io/vulnerability/CVE-2023-37412,Access Control Flaw in IBM Aspera Faspex Affects Multiple Versions,"An access control vulnerability in IBM Aspera Faspex versions 5.0.0 through 5.0.10 may enable a privileged user to execute unauthorized system changes, bypassing established access controls. This can lead to significant security risks as systems may be altered without the necessary oversight or permissions.",IBM,Aspera Faspex,4.4,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-29T16:34:55.809Z,0
CVE-2023-37395,https://securityvulnerability.io/vulnerability/CVE-2023-37395,Local User Could Access Sensitive Data Due to Insufficient Encryption,"IBM Aspera Faspex versions 5.0.0 to 5.0.7 are influenced by a security flaw that can permit local users to gain unauthorized access to sensitive information. This vulnerability arises from improper encryption mechanisms utilized within the application, leading to potential data exposure. Organizations using the affected versions are urged to review their security measures and apply recommended updates to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-11T02:49:38.428Z,0
CVE-2022-43845,https://securityvulnerability.io/vulnerability/CVE-2022-43845,Aspera Console Vulnerability: Remote Attacker Could Access Sensitive Information,"A vulnerability has been identified in IBM Aspera Console versions 3.4.0 through 3.4.4 that allows for the potential exposure of sensitive information. This issue arises from a failure to properly configure the HTTPOnly flag on cookies, leaving them accessible to malicious scripts. By exploiting this vulnerability, an attacker can remotely harvest sensitive data stored in the affected cookies, which may include session tokens or personal information. It is critical for users of the affected versions to apply security updates and configure their settings to mitigate the risk of unauthorized access.",IBM,Aspera Console,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2021-38963,https://securityvulnerability.io/vulnerability/CVE-2021-38963,Aspera Console Under Attack: Cavalier CSV Injection Vulnerability,"An issue has been identified in IBM Aspera Console versions 3.4.0 to 3.4.4, which allows remote authenticated attackers to exploit the system through a CSV injection vulnerability. This flaw occurs when a specially crafted file is opened by a victim, enabling an attacker to execute arbitrary code on the impacted system. Proper mitigation measures should be implemented to prevent exploitation and to safeguard system integrity.",IBM,Aspera Console,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2024-38315,https://securityvulnerability.io/vulnerability/CVE-2024-38315,Session Management Flaw in IBM Aspera Shares by IBM,"IBM Aspera Shares versions 1.0 through 1.10.0 PL3 contain a session management vulnerability that fails to invalidate active sessions after a password reset. This flaw permits an authenticated user to potentially impersonate another user, leading to unauthorized actions within the system. Proper session invalidation protocols are crucial to prevent such impersonation and safeguard user data.",IBM,Aspera Shares,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-16T15:15:00.000Z,0
CVE-2024-45096,https://securityvulnerability.io/vulnerability/CVE-2024-45096,IBM Aspera Faspex Vulnerability: Sensitive Information at Risk,"The IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to an information disclosure vulnerability that may allow a user with access to the system to retrieve sensitive data via a directory listing. This vulnerability poses potential risks to data confidentiality and integrity, making it crucial for users to apply security best practices and updates to mitigate exposure.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2024-45098,https://securityvulnerability.io/vulnerability/CVE-2024-45098,Potential Security Vulnerability in IBM Aspera Faspex 5.0.0-5.0.9 Allows Unauthorized Access Restrictions Bypass,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to a vulnerability where an attacker could potentially bypass established access restrictions. This weakness may enable unauthorized users to modify resources within the application, posing risks to data integrity and security. Organizations using affected versions are encouraged to review their security configurations and apply any necessary updates to mitigate potential impacts.",IBM,Aspera Faspex,8.1,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2024-45097,https://securityvulnerability.io/vulnerability/CVE-2024-45097,Bypassing Access Restrictions and Modifying Resources,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are affected by a vulnerability that allows users to bypass intended access restrictions. This flaw can lead to unauthorized resource modification, potentially compromising the integrity of the data and operations managed through this application. The issue necessitates immediate attention to ensure secure access controls and protect sensitive information.",IBM,Aspera Faspex,7.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2023-38018,https://securityvulnerability.io/vulnerability/CVE-2023-38018,Potential Password Impersonation Vulnerability in IBM Aspera Shares 1.10.0 PL2,"IBM Aspera Shares 1.10.0 PL2 contains a session management flaw that fails to invalidate user sessions when a password change occurs. This vulnerability could be exploited by an authenticated user to impersonate another user on the system, potentially leading to unauthorized access to sensitive information and operations. The lack of appropriate session invalidation represents a significant security risk, as it undermines the integrity of user authentication processes. Organizations using affected versions are advised to apply available security updates to mitigate this risk.",IBM,Aspera Shares,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2023-26288,https://securityvulnerability.io/vulnerability/CVE-2023-26288,IBM Aspera Orchestrator 4.0.1 Password Change Vulnerability,"IBM Aspera Orchestrator version 4.0.1 contains a security vulnerability related to its session management mechanism. Following a password change, the application does not invalidate user sessions, which could allow an authenticated user to impersonate another user on the system. This flaw creates potential for unauthorized access and may lead to sensitive information being exposed or abused. Users of this software should be aware of the implications of this oversight and take necessary precautions to mitigate potential risks.",IBM,Aspera Orchestrator,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-30T17:01:00.430Z,0
CVE-2023-38001,https://securityvulnerability.io/vulnerability/CVE-2023-38001,Cross-Site Request Forgery Vulnerability in IBM Aspera Orchestrator 4.0.1,"IBM Aspera Orchestrator version 4.0.1 is exposed to a cross-site request forgery vulnerability that permits an attacker to execute unauthorized commands by exploiting the trust a website has for its users. This flaw enables malevolent actors to perform actions on behalf of authenticated users, compromising the integrity and security of operations facilitated by the affected product. Users and administrators should review the advisory and implement recommended patches and best practices to mitigate the threat associated with this vulnerability.",IBM,Aspera Orchestrator,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-30T16:54:07.076Z,0
CVE-2023-26289,https://securityvulnerability.io/vulnerability/CVE-2023-26289,Aspera Orchestrator Vulnerable to HTTP Header Injection,"IBM Aspera Orchestrator 4.0.1 contains a vulnerability due to insufficient validation of input in HOST headers, which may allow an attacker to exploit this weakness through various attacks. Potential threats include cross-site scripting, cache poisoning, and session hijacking, which could compromise the integrity and confidentiality of user data within the affected systems. Organizations utilizing this product should assess their exposure and implement necessary mitigations promptly to protect against these threats.",IBM,Aspera Orchestrator,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-30T16:50:29.871Z,0
CVE-2022-43841,https://securityvulnerability.io/vulnerability/CVE-2022-43841,Aspera Console Vulnerability Allows Web Pages to be Stored Locally,"A vulnerability exists in IBM Aspera Console versions 3.4.0 to 3.4.2 PL9, enabling local storage of web pages that can potentially be accessed by other users on the same system. This security gap poses a risk to data integrity, as unauthorized users may gain access to sensitive information stored within these web pages. Proper security measures and software updates are essential to mitigate this issue.",IBM,Aspera Console,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-30T11:45:55.428Z,0
CVE-2022-43575,https://securityvulnerability.io/vulnerability/CVE-2022-43575,Aspera Console vulnerable to Cross-Site Scripting,"IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 exhibit a vulnerability allowing cross-site scripting (XSS) attacks. This security flaw enables malicious users to inject arbitrary JavaScript code into the Web UI. Consequently, this could affect the intended functionality of the application and potentially result in the disclosure of user credentials within a trusted session. It is crucial for organizations using affected versions to apply necessary security measures and updates to mitigate this security risk.",IBM,Aspera Console,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-30T11:38:06.556Z,0
CVE-2022-43384,https://securityvulnerability.io/vulnerability/CVE-2022-43384,Aspera Console vulnerable to Cross-Site Scripting,"IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 are exposed to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code within the Web UI. This security flaw can lead to unauthorized alteration of application functionality, which raises significant concerns such as potential exposure of user credentials during an active trusted session. Remediation measures are essential to mitigate the risks associated with this vulnerability, safeguarding user data from possible exploitation.",IBM,Aspera Console,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-30T11:36:25.042Z,0
CVE-2023-37411,https://securityvulnerability.io/vulnerability/CVE-2023-37411,Aspera Faspex vulnerable to Cross-Site Scripting (XSS),IBM Aspera Faspex versions 5.0.0 through 5.0.6 are affected by a cross-site scripting vulnerability that allows an attacker to embed arbitrary JavaScript code in the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized access to user credentials during trusted sessions. Preventive measures should be taken to secure applications against such vulnerabilities.,IBM,Aspera Faspex,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-28T12:06:05.023Z,0
CVE-2023-27283,https://securityvulnerability.io/vulnerability/CVE-2023-27283,Aspera Orchestrator 4.0.1 Vulnerability Could Enable Remote Username Enumeration,"The vulnerability in IBM Aspera Orchestrator version 4.0.1 enables remote attackers to enumerate usernames by exploiting observable discrepancies in application responses. When attackers send specific requests, the differences in response times or content can be leveraged to infer valid usernames, leading to further security risks. Organizations using this version should assess their exposure and take appropriate measures to mitigate the potential exploitation of this vulnerability.",IBM,Aspera Orchestrator,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-04T13:16:14.314Z,0
CVE-2023-37407,https://securityvulnerability.io/vulnerability/CVE-2023-37407,Aspera Orchestrator 4.0.1 Vulnerability Allows Remote Execution of Arbitrary Commands,"IBM Aspera Orchestrator version 4.0.1 is susceptible to a vulnerability that enables remote authenticated attackers to send specially crafted requests, which could lead to the execution of arbitrary commands on the affected system. This exploitation potential presents significant risks for the integrity and confidentiality of the system and its data. Organizations utilizing this version of Aspera Orchestrator should prioritize applying available patches and implement monitoring procedures to safeguard against potential attacks.",IBM,Aspera Orchestrator,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-05-03T16:15:00.000Z,0
CVE-2023-37397,https://securityvulnerability.io/vulnerability/CVE-2023-37397,Aspera Faspex Vulnerability: Local User Access to Sensitive Data,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that permits local users to gain unauthorized access to sensitive information. This issue arises from the improper encryption of certain types of data, which can lead to potential data exposure and modification. Users of affected versions are advised to implement necessary security measures and apply patches to mitigate the risks associated with this vulnerability. For detailed guidance and updates, refer to IBM's official advisory.",IBM,Aspera Faspex,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T17:15:00.000Z,0
CVE-2023-27279,https://securityvulnerability.io/vulnerability/CVE-2023-27279,Aspera Faspex 5.0.0-5.0.7 Denial of Service Vulnerability,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 exhibit a vulnerability that may lead to a denial of service due to inadequate API rate limiting measures. This flaw could allow attackers to exploit the system by generating excessive requests, potentially resulting in disrupted services for users. Organizations utilizing affected versions should assess their security posture and consider implementing additional controls to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-19T17:15:00.000Z,0
CVE-2022-40745,https://securityvulnerability.io/vulnerability/CVE-2022-40745,Weaker than expected security in Aspera Faspex 5.0.0-5.0.7 could lead to sensitive information disclosure,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 contain a significant vulnerability that allows local users to access sensitive information due to insufficient security controls. This issue poses potential risks for data confidentiality and system integrity, enabling unauthorized users to exploit weaker security measures. Organizations using these versions should take proactive steps to mitigate the risks associated with this vulnerability.",IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T17:01:38.927Z,0
CVE-2023-37396,https://securityvulnerability.io/vulnerability/CVE-2023-37396,Aspera Faspex Vulnerability Could Leak Sensitive Information,IBM Aspera Faspex versions 5.0.0 to 5.0.7 may be susceptible to a security issue where improper encryption practices might allow a local user to access sensitive information. This vulnerability underscores the importance of robust encryption in protecting data integrity and confidentiality within software applications.,IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T16:15:00.000Z,0