Page 4 of 21 results (0.013 seconds)

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. IBM Aspera Faspex 5.0.5 no restringe ni restringe incorrectamente el acceso a un recurso de un actor no autorizado. ID de IBM X-Force: 246713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 https://www.ibm.com/support/pages/node/7029681 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto obtener información confidencial, causada por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensbile mediante técnicas de man-in-the-middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 https://www.ibm.com/support/pages/node/7029681 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. IBM Aspera Faspex v5.0.5 podría permitir a un atacante remoto saltarse las restricciones de IP debido a controles de acceso inadecuados. ID de IBM X-Force: 259649. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 https://www.ibm.com/support/pages/node/7029681 • CWE-291: Reliance on IP Address for Authentication CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. IBM Aspera Faspex v5.0.5 transmite información sensible en texto claro que podría ser obtenida por un atacante utilizando técnicas de "man in the middle". IBM X-Force ID: 244121. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 https://www.ibm.com/support/pages/node/7029681 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249847 https://www.ibm.com/support/pages/node/6963662 •