CVE-2023-27285 – IBM Aspera buffer overflow
https://notcve.org/view.php?id=CVE-2023-27285
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/248625 https://www.ibm.com/support/pages/node/7001053
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-22862 – IBM Aspera information disclosure
https://notcve.org/view.php?id=CVE-2023-22862
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmit authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/244107 https://www.ibm.com/support/pages/node/7001053
• CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials
CVE-2023-27286 – IBM Aspera code execution
https://notcve.org/view.php?id=CVE-2023-27286
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/248627 https://www.ibm.com/support/pages/node/6966588
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-27284 – IBM Aspera code execution
https://notcve.org/view.php?id=CVE-2023-27284
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/248616 https://www.ibm.com/support/pages/node/6966588
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-4545
https://notcve.org/view.php?id=CVE-2020-4545
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/183190 https://www.ibm.com/support/pages/node/6326537
• CWE-426: Untrusted Search Path