cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-35907,https://securityvulnerability.io/vulnerability/CVE-2023-35907,Weak Password Policy in IBM Aspera Faspex Affects User Account Security,"IBM Aspera Faspex versions 5.0.0 to 5.0.10 are impacted by a vulnerability that stems from a default configuration allowing weak password requirements. This oversight enables attackers to exploit user accounts more easily, posing significant risks to account security and integrity. Organizations using these versions should assess their configurations and implement strong password policies to safeguard their systems.",IBM,Aspera Faspex,9.8,CRITICAL,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-29T16:37:06.966Z,0
CVE-2023-37413,https://securityvulnerability.io/vulnerability/CVE-2023-37413,Information Disclosure Vulnerability in IBM Aspera Faspex by IBM,IBM Aspera Faspex version 5.0.0 through 5.0.10 is susceptible to a vulnerability that allows for the disclosure of sensitive username information. This issue arises from a detectable response discrepancy that attackers might exploit to gain unauthorized access to user credentials. Users of the affected versions should implement necessary patches to safeguard against potential breaches.,IBM,Aspera Faspex,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-29T16:36:24.872Z,0
CVE-2023-37398,https://securityvulnerability.io/vulnerability/CVE-2023-37398,Account Compromise Risk in IBM Aspera Faspex by Weak Password Policy,"The IBM Aspera Faspex application versions 5.0.0 through 5.0.10 are susceptible to a vulnerability that allows users to set weak passwords by default. This lack of enforced password strength can lead to increased risk of unauthorized access, as attackers may exploit this weakness to compromise user accounts. Organizations using these versions should review their password policies and consider implementing stronger authentication measures to mitigate potential risks.",IBM,Aspera Faspex,9.8,CRITICAL,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-29T16:35:45.779Z,0
CVE-2023-37412,https://securityvulnerability.io/vulnerability/CVE-2023-37412,Access Control Flaw in IBM Aspera Faspex Affects Multiple Versions,"An access control vulnerability in IBM Aspera Faspex versions 5.0.0 through 5.0.10 may enable a privileged user to execute unauthorized system changes, bypassing established access controls. This can lead to significant security risks as systems may be altered without the necessary oversight or permissions.",IBM,Aspera Faspex,4.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-29T16:34:55.809Z,0
CVE-2023-37395,https://securityvulnerability.io/vulnerability/CVE-2023-37395,Local User Could Access Sensitive Data Due to Insufficient Encryption,"IBM Aspera Faspex versions 5.0.0 to 5.0.7 are influenced by a security flaw that can permit local users to gain unauthorized access to sensitive information. This vulnerability arises from improper encryption mechanisms utilized within the application, leading to potential data exposure. Organizations using the affected versions are urged to review their security measures and apply recommended updates to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-11T02:49:38.428Z,0
CVE-2024-45098,https://securityvulnerability.io/vulnerability/CVE-2024-45098,Potential Security Vulnerability in IBM Aspera Faspex 5.0.0-5.0.9 Allows Unauthorized Access Restrictions Bypass,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to a vulnerability where an attacker could potentially bypass established access restrictions. This weakness may enable unauthorized users to modify resources within the application, posing risks to data integrity and security. Organizations using affected versions are encouraged to review their security configurations and apply any necessary updates to mitigate potential impacts.",IBM,Aspera Faspex,8.1,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2024-45097,https://securityvulnerability.io/vulnerability/CVE-2024-45097,Bypassing Access Restrictions and Modifying Resources,"IBM Aspera Faspex versions 5.0.0 through 5.0.9 are affected by a vulnerability that allows users to bypass intended access restrictions. This flaw can lead to unauthorized resource modification, potentially compromising the integrity of the data and operations managed through this application. The issue necessitates immediate attention to ensure secure access controls and protect sensitive information.",IBM,Aspera Faspex,7.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2024-45096,https://securityvulnerability.io/vulnerability/CVE-2024-45096,IBM Aspera Faspex Vulnerability: Sensitive Information at Risk,"The IBM Aspera Faspex versions 5.0.0 through 5.0.9 are susceptible to an information disclosure vulnerability that may allow a user with access to the system to retrieve sensitive data via a directory listing. This vulnerability poses potential risks to data confidentiality and integrity, making it crucial for users to apply security best practices and updates to mitigate exposure.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-05T16:15:00.000Z,0
CVE-2023-37411,https://securityvulnerability.io/vulnerability/CVE-2023-37411,Aspera Faspex vulnerable to Cross-Site Scripting (XSS),IBM Aspera Faspex versions 5.0.0 through 5.0.6 are affected by a cross-site scripting vulnerability that allows an attacker to embed arbitrary JavaScript code in the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized access to user credentials during trusted sessions. Preventive measures should be taken to secure applications against such vulnerabilities.,IBM,Aspera Faspex,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-28T12:06:05.023Z,0
CVE-2023-27279,https://securityvulnerability.io/vulnerability/CVE-2023-27279,Aspera Faspex 5.0.0-5.0.7 Denial of Service Vulnerability,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 exhibit a vulnerability that may lead to a denial of service due to inadequate API rate limiting measures. This flaw could allow attackers to exploit the system by generating excessive requests, potentially resulting in disrupted services for users. Organizations utilizing affected versions should assess their security posture and consider implementing additional controls to mitigate risks associated with this vulnerability.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-19T17:15:00.000Z,0
CVE-2023-37397,https://securityvulnerability.io/vulnerability/CVE-2023-37397,Aspera Faspex Vulnerability: Local User Access to Sensitive Data,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that permits local users to gain unauthorized access to sensitive information. This issue arises from the improper encryption of certain types of data, which can lead to potential data exposure and modification. Users of affected versions are advised to implement necessary security measures and apply patches to mitigate the risks associated with this vulnerability. For detailed guidance and updates, refer to IBM's official advisory.",IBM,Aspera Faspex,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T17:15:00.000Z,0
CVE-2022-40745,https://securityvulnerability.io/vulnerability/CVE-2022-40745,Weaker than expected security in Aspera Faspex 5.0.0-5.0.7 could lead to sensitive information disclosure,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 contain a significant vulnerability that allows local users to access sensitive information due to insufficient security controls. This issue poses potential risks for data confidentiality and system integrity, enabling unauthorized users to exploit weaker security measures. Organizations using these versions should take proactive steps to mitigate the risks associated with this vulnerability.",IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T17:01:38.927Z,0
CVE-2023-37396,https://securityvulnerability.io/vulnerability/CVE-2023-37396,Aspera Faspex Vulnerability Could Leak Sensitive Information,IBM Aspera Faspex versions 5.0.0 to 5.0.7 may be susceptible to a security issue where improper encryption practices might allow a local user to access sensitive information. This vulnerability underscores the importance of robust encryption in protecting data integrity and confidentiality within software applications.,IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T16:15:00.000Z,0
CVE-2023-22869,https://securityvulnerability.io/vulnerability/CVE-2023-22869,Aspera Faspex Log File Vulnerability,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that enables local users to access potentially sensitive information stored in log files. This exposure can lead to unauthorized access to confidential data, raising concerns about the integrity and security of user information. Organizations utilizing this software must consider implementing measures to secure log file management practices to safeguard against potential internal threats.",IBM,Aspera Faspex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T16:15:00.000Z,0
CVE-2023-37400,https://securityvulnerability.io/vulnerability/CVE-2023-37400,Privilege Escalation Vulnerability in IBM Aspera Faspex,"IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that enables local users to escalate their privileges. This issue arises from the insecure storage of credentials, which could be exploited by malicious parties to gain elevated access within the system. Organizations utilizing affected versions should take immediate steps to review their security practices and implement necessary patches to mitigate potential risks associated with unauthorized access.",IBM,Aspera Faspex,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-19T14:15:00.000Z,0
CVE-2022-22399,https://securityvulnerability.io/vulnerability/CVE-2022-22399,Aspera Faspex Vulnerable to HTTP Header Injection,"A vulnerability exists in IBM Aspera Faspex 5.0.0 and 5.0.1 due to inadequate validation of the HOST headers, potentially allowing attackers to perform various malicious actions. Exploitation of this vulnerability can lead to serious threats such as cross-site scripting attacks, where sensitive user information can be hijacked, cache poisoning that disrupts normal operations, and unauthorized session hijacking, which compromises user sessions and data integrity. It is essential for users and administrators to address this issue promptly by applying necessary patches and updates to safeguard their systems.",IBM,Aspera Faspex,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-05T19:58:53.516Z,0
CVE-2022-40744,https://securityvulnerability.io/vulnerability/CVE-2022-40744,IBM Aspera Faspex cross-site scripting,The stored cross-site scripting vulnerability present in IBM Aspera Faspex 5.0.6 poses significant security risks by allowing attackers to inject arbitrary JavaScript code into the Web UI. This manipulation alters the application's intended functionality and can lead to the unauthorized disclosure of user credentials within trusted sessions. Proper input validation and sanitization measures are crucial to mitigate such vulnerabilities.,IBM,Aspera Faspex,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-02T03:08:11.780Z,0
CVE-2022-22402,https://securityvulnerability.io/vulnerability/CVE-2022-22402,IBM Aspera Faspex cross-site scripting,IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.,IBM,Aspera Faspex,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-09-08T21:22:48.458Z,0
CVE-2022-22401,https://securityvulnerability.io/vulnerability/CVE-2022-22401,IBM Aspera Faspex information disclosure,IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.,IBM,Aspera Faspex,5.9,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-09-08T21:21:08.972Z,0
CVE-2022-22409,https://securityvulnerability.io/vulnerability/CVE-2022-22409,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.",IBM,Aspera Faspex,5.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-09-08T21:19:00.311Z,0
CVE-2023-30995,https://securityvulnerability.io/vulnerability/CVE-2023-30995,IBM Aspera Faspex improper access control,"IBM Aspera Faspex versions 4.0 to 4.4.2 and 5.0 to 5.0.5 contain a vulnerability that could allow attackers to bypass IP whitelist restrictions by sending specially crafted HTTP requests. This flaw could enable unauthorized access, highlighting the importance of applying security updates promptly to safeguard your systems.",IBM,Aspera Faspex,7.5,HIGH,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-09-08T21:15:00.000Z,0
CVE-2023-24965,https://securityvulnerability.io/vulnerability/CVE-2023-24965,IBM Aspera Faspex improper access control,IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.,IBM,Aspera Faspex,5.8,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-08T21:15:00.000Z,0
CVE-2022-22405,https://securityvulnerability.io/vulnerability/CVE-2022-22405,IBM Aspera Faspex information disclosure,"IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.",IBM,Aspera Faspex,5.9,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-09-08T20:12:02.057Z,0
CVE-2023-35906,https://securityvulnerability.io/vulnerability/CVE-2023-35906,IBM Aspera Faspex security bypass,"IBM Aspera Faspex 5.0.5 has been identified with a vulnerability that allows remote attackers to circumvent IP restrictions due to insufficient access control mechanisms. This poses a risk of unauthorized access to sensitive data and services, making it critical for users to assess their risk management strategies and consider implementing patches provided by IBM.",IBM,Aspera Faspex,7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-09-05T01:15:00.000Z,0
CVE-2023-22870,https://securityvulnerability.io/vulnerability/CVE-2023-22870,IBM Aspera Faspex information disclosure,IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.,IBM,Aspera Faspex,5.9,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-09-05T01:15:00.000Z,0