CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45097 – IBM Aspera Faspex bypass security
https://notcve.org/view.php?id=CVE-2024-45097
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45096 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2024-45096
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. • https://www.ibm.com/support/pages/node/7167255 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45098 – IBM Aspera Faspex bypass security
https://notcve.org/view.php?id=CVE-2024-45098
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37411 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2023-37411
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. IBM Aspera Faspex 5.0.0 a 5.0.6 es vulnerable a Cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 https://www.ibm.com/support/pages/node/7154977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40745 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-40745
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a una seguridad más débil de lo esperado. ID de IBM X-Force: 236452. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 https://www.ibm.com/support/pages/node/7148632 • CWE-326: Inadequate Encryption Strength •