CVE-2023-37397 – IBM Aspera Faspex data manipulation
https://notcve.org/view.php?id=CVE-2023-37397
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga o modifique información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259672 https://www.ibm.com/support/pages/node/7148632 • CWE-326: Inadequate Encryption Strength •
CVE-2023-27279 – IBM Aspera Faspex denial of service
https://notcve.org/view.php?id=CVE-2023-27279
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario provoque una denegación de servicio debido a la falta de limitación de velocidad de API. ID de IBM X-Force: 248533. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 https://www.ibm.com/support/pages/node/7148632 • CWE-799: Improper Control of Interaction Frequency •
CVE-2023-37396 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37396
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259671 https://www.ibm.com/support/pages/node/7148632 • CWE-312: Cleartext Storage of Sensitive Information CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-22869 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-22869
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. IBM Aspera Faspex 5.0.0 a 5.0.7 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 244119. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244119 https://www.ibm.com/support/pages/node/7148632 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-37400 – IBM Aspera Faspex privilege escalation
https://notcve.org/view.php?id=CVE-2023-37400
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir a un usuario local escalar sus privilegios debido a un almacenamiento de credenciales inseguro. ID de IBM X-Force: 259677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259677 https://www.ibm.com/support/pages/node/7148631 • CWE-522: Insufficiently Protected Credentials •