NotCVE - vendor:"IBM" product:"Aspera Faspex" version:" >= 5.0.0 <= 5.0.10"

Page 2 of 26 results (0.013 seconds)

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-37397 – IBM Aspera Faspex data manipulation

https://notcve.org/view.php?id=CVE-2023-37397

19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga o modifique información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259672 • CWE-326: Inadequate Encryption Strength •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-27279 – IBM Aspera Faspex denial of service

https://notcve.org/view.php?id=CVE-2023-27279

19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario provoque una denegación de servicio debido a la falta de limitación de velocidad de API. ID de IBM X-Force: 248533. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 • CWE-799: Improper Control of Interaction Frequency •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-37396 – IBM Aspera Faspex information disclosure

https://notcve.org/view.php?id=CVE-2023-37396

19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259671 • CWE-312: Cleartext Storage of Sensitive Information CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-22869 – IBM Aspera Faspex information disclosure

https://notcve.org/view.php?id=CVE-2023-22869

19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. IBM Aspera Faspex 5.0.0 a 5.0.7 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 244119. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244119 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-37400 – IBM Aspera Faspex privilege escalation

https://notcve.org/view.php?id=CVE-2023-37400

19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir a un usuario local escalar sus privilegios debido a un almacenamiento de credenciales inseguro. ID de IBM X-Force: 259677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259677 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-40744 – IBM Aspera Faspex cross-site scripting

https://notcve.org/view.php?id=CVE-2022-40744

02 Feb 2024 — IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. IBM Aspera Faspex 5.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad previst... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-22402 – IBM Aspera Faspex cross-site scripting

https://notcve.org/view.php?id=CVE-2022-22402

08 Sep 2023 — IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. IBM Aspera Faspex 5.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que po... • https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-22401 – IBM Aspera Faspex information disclosure

https://notcve.org/view.php?id=CVE-2022-22401

08 Sep 2023 — IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar o persuadir a un usuario ingenuo para que proporcione información sensible. ID de IBM X-Force: 222567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-22409 – IBM Aspera Faspex information disclosure

https://notcve.org/view.php?id=CVE-2022-22409

08 Sep 2023 — IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar información confidencial sobre la aplicación web, causada por una configuración insegura. ID de IBM X-Force: 222592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-30995 – IBM Aspera Faspex improper access control

https://notcve.org/view.php?id=CVE-2023-30995

08 Sep 2023 — IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. IBM Aspera Faspex 5.0.5 podría permitir a un actor malicioso eludir las restricciones de la lista blanca de IPs utilizando una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 254268. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254268 • CWE-863: Incorrect Authorization •

1 2 3