CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40744 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2022-40744
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. IBM Aspera Faspex 5.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 https://www.ibm.com/support/pages/node/7111778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22402 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2022-22402
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. IBM Aspera Faspex 5.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría provocar la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 https://www.ibm.com/support/pages/node/7029681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22401 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-22401
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar o persuadir a un usuario ingenuo para que proporcione información sensible. ID de IBM X-Force: 222567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 https://www.ibm.com/support/pages/node/7029681 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22409 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-22409
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto recopilar información confidencial sobre la aplicación web, causada por una configuración insegura. ID de IBM X-Force: 222592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 https://www.ibm.com/support/pages/node/7029681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30995 – IBM Aspera Faspex improper access control
https://notcve.org/view.php?id=CVE-2023-30995
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. IBM Aspera Faspex 5.0.5 podría permitir a un actor malicioso eludir las restricciones de la lista blanca de IPs utilizando una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 254268. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254268 https://www.ibm.com/support/pages/node/7029681 https://www.ibm.com/support/pages/node/7048851 • CWE-863: Incorrect Authorization •