cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37395,https://securityvulnerability.io/vulnerability/CVE-2023-37395,Local User Could Access Sensitive Data Due to Insufficient Encryption,"IBM Aspera Faspex versions 5.0.0 to 5.0.7 are influenced by a security flaw that can permit local users to gain unauthorized access to sensitive information. This vulnerability arises from improper encryption mechanisms utilized within the application, leading to potential data exposure. Organizations using the affected versions are urged to review their security measures and apply recommended updates to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-12-11T02:49:38.428Z,0
CVE-2024-45098,https://securityvulnerability.io/vulnerability/CVE-2024-45098,Potential Security Vulnerability in IBM Aspera Faspex 5.0.0-5.0.9 Allows Unauthorized Access Restrictions Bypass,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to a vulnerability where an attacker could potentially bypass established access restrictions. This weakness may enable unauthorized users to modify resources within the application, posing risks to data integrity and security. Organizations using affected versions are encouraged to review their security configurations and apply any necessary updates to mitigate potential impacts.",IBM,Aspera Faspex,8.1,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-05T16:15:00.000Z,0
CVE-2024-45097,https://securityvulnerability.io/vulnerability/CVE-2024-45097,Bypassing Access Restrictions and Modifying Resources,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are affected by a vulnerability that allows users to bypass intended access restrictions. This flaw can lead to unauthorized resource modification, potentially compromising the integrity of the data and operations managed through this application. The issue necessitates immediate attention to ensure secure access controls and protect sensitive information.",IBM,Aspera Faspex,7.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-05T16:15:00.000Z,0
CVE-2024-45096,https://securityvulnerability.io/vulnerability/CVE-2024-45096,IBM Aspera Faspex Vulnerability: Sensitive Information at Risk,"The IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to an information disclosure vulnerability that may allow a user with access to the system to retrieve sensitive data via a directory listing. This vulnerability poses potential risks to data confidentiality and integrity, making it crucial for users to apply security best practices and updates to mitigate exposure.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-09-05T16:15:00.000Z,0
CVE-2023-37411,https://securityvulnerability.io/vulnerability/CVE-2023-37411,Aspera Faspex vulnerable to Cross-Site Scripting (XSS),IBM Aspera Faspex versions 5.0.0 through 5.0.6 are affected by a cross-site scripting vulnerability that allows an attacker to embed arbitrary JavaScript code in the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized access to user credentials during trusted sessions. Preventive measures should be taken to secure applications against such vulnerabilities.,IBM,Aspera Faspex,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-28T12:06:05.023Z,0
CVE-2023-37397,https://securityvulnerability.io/vulnerability/CVE-2023-37397,Aspera Faspex Vulnerability: Local User Access to Sensitive Data,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that permits local users to gain unauthorized access to sensitive information. This issue arises from the improper encryption of certain types of data, which can lead to potential data exposure and modification. Users of affected versions are advised to implement necessary security measures and apply patches to mitigate the risks associated with this vulnerability. For detailed guidance and updates, refer to IBM's official advisory.",IBM,Aspera Faspex,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-19T17:15:00.000Z,0
CVE-2023-27279,https://securityvulnerability.io/vulnerability/CVE-2023-27279,Aspera Faspex 5.0.0-5.0.7 Denial of Service Vulnerability,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 exhibit a vulnerability that may lead to a denial of service due to inadequate API rate limiting measures. This flaw could allow attackers to exploit the system by generating excessive requests, potentially resulting in disrupted services for users. Organizations utilizing affected versions should assess their security posture and consider implementing additional controls to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-04-19T17:15:00.000Z,0
CVE-2022-40745,https://securityvulnerability.io/vulnerability/CVE-2022-40745,Weaker than expected security in Aspera Faspex 5.0.0-5.0.7 could lead to sensitive information disclosure,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 contain a significant vulnerability that allows local users to access sensitive information due to insufficient security controls. This issue poses potential risks for data confidentiality and system integrity, enabling unauthorized users to exploit weaker security measures. Organizations using these versions should take proactive steps to mitigate the risks associated with this vulnerability.",IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-19T17:01:38.927Z,0
CVE-2023-22869,https://securityvulnerability.io/vulnerability/CVE-2023-22869,Aspera Faspex Log File Vulnerability,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that enables local users to access potentially sensitive information stored in log files. This exposure can lead to unauthorized access to confidential data, raising concerns about the integrity and security of user information. Organizations utilizing this software must consider implementing measures to secure log file management practices to safeguard against potential internal threats.",IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-19T16:15:00.000Z,0
CVE-2023-37396,https://securityvulnerability.io/vulnerability/CVE-2023-37396,Aspera Faspex Vulnerability Could Leak Sensitive Information,IBM Aspera Faspex versions 5.0.0 to 5.0.7 may be susceptible to a security issue where improper encryption practices might allow a local user to access sensitive information. This vulnerability underscores the importance of robust encryption in protecting data integrity and confidentiality within software applications.,IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-19T16:15:00.000Z,0
CVE-2023-37400,https://securityvulnerability.io/vulnerability/CVE-2023-37400,Privilege Escalation Vulnerability in IBM Aspera Faspex,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that enables local users to escalate their privileges. This issue arises from the insecure storage of credentials, which could be exploited by malicious parties to gain elevated access within the system. Organizations utilizing affected versions should take immediate steps to review their security practices and implement necessary patches to mitigate potential risks associated with unauthorized access.",IBM,Aspera Faspex,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-19T14:15:00.000Z,0
CVE-2022-22399,https://securityvulnerability.io/vulnerability/CVE-2022-22399,Aspera Faspex Vulnerable to HTTP Header Injection,"A vulnerability exists in IBM Aspera Faspex 5.0.0 and 5.0.1 due to inadequate validation of the HOST headers, potentially allowing attackers to perform various malicious actions. Exploitation of this vulnerability can lead to serious threats such as cross-site scripting attacks, where sensitive user information can be hijacked, cache poisoning that disrupts normal operations, and unauthorized session hijacking, which compromises user sessions and data integrity. It is essential for users and administrators to address this issue promptly by applying necessary patches and updates to safeguard their systems.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T19:58:53.516Z,0
CVE-2022-40744,https://securityvulnerability.io/vulnerability/CVE-2022-40744,IBM Aspera Faspex cross-site scripting,The stored cross-site scripting vulnerability present in IBM Aspera Faspex 5.0.6 poses significant security risks by allowing attackers to inject arbitrary JavaScript code into the Web UI. This manipulation alters the application's intended functionality and can lead to the unauthorized disclosure of user credentials within trusted sessions. Proper input validation and sanitization measures are crucial to mitigate such vulnerabilities.,IBM,Aspera Faspex,4.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-02-02T03:08:11.780Z,0
CVE-2022-22402,https://securityvulnerability.io/vulnerability/CVE-2022-22402,IBM Aspera Faspex cross-site scripting,IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.,IBM,Aspera Faspex,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2023-09-08T21:22:48.458Z,0
CVE-2022-22401,https://securityvulnerability.io/vulnerability/CVE-2022-22401,IBM Aspera Faspex information disclosure,IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.,IBM,Aspera Faspex,5.9,MEDIUM,0.0011599999852478504,false,false,false,false,,false,false,2023-09-08T21:21:08.972Z,0
CVE-2022-22409,https://securityvulnerability.io/vulnerability/CVE-2022-22409,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.",IBM,Aspera Faspex,5.3,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2023-09-08T21:19:00.311Z,0
CVE-2023-24965,https://securityvulnerability.io/vulnerability/CVE-2023-24965,IBM Aspera Faspex improper access control,IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.,IBM,Aspera Faspex,5.8,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-09-08T21:15:00.000Z,0
CVE-2023-30995,https://securityvulnerability.io/vulnerability/CVE-2023-30995,IBM Aspera Faspex improper access control,"IBM Aspera Faspex versions 4.0 to 4.4.2 and 5.0 to 5.0.5 contain a vulnerability that could allow attackers to bypass IP whitelist restrictions by sending specially crafted HTTP requests. This flaw could enable unauthorized access, highlighting the importance of applying security updates promptly to safeguard your systems.",IBM,Aspera Faspex,7.5,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2023-09-08T21:15:00.000Z,0
CVE-2022-22405,https://securityvulnerability.io/vulnerability/CVE-2022-22405,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.",IBM,Aspera Faspex,5.9,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2023-09-08T20:12:02.057Z,0
CVE-2023-35906,https://securityvulnerability.io/vulnerability/CVE-2023-35906,IBM Aspera Faspex security bypass,"IBM Aspera Faspex 5.0.5 has been identified with a vulnerability that allows remote attackers to circumvent IP restrictions due to insufficient access control mechanisms. This poses a risk of unauthorized access to sensitive data and services, making it critical for users to assess their risk management strategies and consider implementing patches provided by IBM.",IBM,Aspera Faspex,7.5,HIGH,0.0008500000112690032,false,false,false,false,,false,false,2023-09-05T01:15:00.000Z,0
CVE-2023-22870,https://securityvulnerability.io/vulnerability/CVE-2023-22870,IBM Aspera Faspex information disclosure,IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.,IBM,Aspera Faspex,5.9,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2023-09-05T01:15:00.000Z,0
CVE-2023-27873,https://securityvulnerability.io/vulnerability/CVE-2023-27873,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.",IBM,Aspera Faspex,6.5,MEDIUM,0.0009399999980814755,false,false,false,false,,false,false,2023-03-21T15:15:00.000Z,0
CVE-2023-27874,https://securityvulnerability.io/vulnerability/CVE-2023-27874,IBM Aspera Faspex XML external entity injection,"IBM Aspera Faspex 4.4.2 is susceptible to an XML external entity injection (XXE) vulnerability, allowing remote authenticated attackers to manipulate XML data processing. This exploitation may enable unauthorized execution of arbitrary commands on the server, posing significant security risks to users and their data. Proper attention to security practices is essential to mitigate the effects of this vulnerability.",IBM,Aspera Faspex,8.8,HIGH,0.0011500000255182385,false,false,false,false,,false,false,2023-03-21T15:15:00.000Z,0
CVE-2023-27871,https://securityvulnerability.io/vulnerability/CVE-2023-27871,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex version 4.4.2 is susceptible to SQL injection, which enables remote attackers to execute crafted SQL queries. This flaw can lead to unauthorized access to sensitive credential information, potentially compromising external user accounts. Organizations utilizing this version of Aspera Faspex are strongly encouraged to apply security updates and implement proper input validation mechanisms to mitigate such vulnerabilities.",IBM,Aspera Faspex,7.5,HIGH,0.001339999958872795,false,false,false,false,,false,false,2023-03-21T15:15:00.000Z,0
CVE-2023-27875,https://securityvulnerability.io/vulnerability/CVE-2023-27875,IBM Aspera Faspex improper access controls,IBM Aspera Faspex version 5.0.4 presents a significant vulnerability where improper access controls can enable a user to alter another user's credentials. This flaw compromises user account security and poses risks to overall system integrity. Vigilance is necessary to ensure appropriate access restrictions are enforced.,IBM,Aspera Faspex,7.5,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2023-03-16T13:15:00.000Z,0