CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27279 – IBM Aspera Faspex denial of service
https://notcve.org/view.php?id=CVE-2023-27279
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario provoque una denegación de servicio debido a la falta de limitación de velocidad de API. ID de IBM X-Force: 248533. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 https://www.ibm.com/support/pages/node/7148632 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37396 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37396
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a un cifrado inadecuado de ciertos datos. ID de IBM X-Force: 259671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259671 https://www.ibm.com/support/pages/node/7148632 • CWE-312: Cleartext Storage of Sensitive Information CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22869 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-22869
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119. IBM Aspera Faspex 5.0.0 a 5.0.7 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 244119. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244119 https://www.ibm.com/support/pages/node/7148632 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37400 – IBM Aspera Faspex privilege escalation
https://notcve.org/view.php?id=CVE-2023-37400
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir a un usuario local escalar sus privilegios debido a un almacenamiento de credenciales inseguro. ID de IBM X-Force: 259677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259677 https://www.ibm.com/support/pages/node/7148631 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22329 – IBM WebSphere Application Server server-side request forgery
https://notcve.org/view.php?id=CVE-2024-22329
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a server-side request forgery (SSRF). Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para realizar el ataque SSRF. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 https://www.ibm.com/support/pages/node/7148380 • CWE-918: Server-Side Request Forgery (SSRF) •