CVE-2023-24965 – IBM Aspera Faspex improper access control
https://notcve.org/view.php?id=CVE-2023-24965
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. IBM Aspera Faspex 5.0.5 no restringe ni restringe incorrectamente el acceso a un recurso de un actor no autorizado. ID de IBM X-Force: 246713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 https://www.ibm.com/support/pages/node/7029681 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-22405 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-22405
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto obtener información confidencial, causada por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensbile mediante técnicas de man-in-the-middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 https://www.ibm.com/support/pages/node/7029681 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2023-35906 – IBM Aspera Faspex security bypass
https://notcve.org/view.php?id=CVE-2023-35906
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. IBM Aspera Faspex v5.0.5 podría permitir a un atacante remoto saltarse las restricciones de IP debido a controles de acceso inadecuados. ID de IBM X-Force: 259649. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 https://www.ibm.com/support/pages/node/7029681 • CWE-291: Reliance on IP Address for Authentication CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVE-2023-22870 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-22870
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. IBM Aspera Faspex v5.0.5 transmite información sensible en texto claro que podría ser obtenida por un atacante utilizando técnicas de "man in the middle". IBM X-Force ID: 244121. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 https://www.ibm.com/support/pages/node/7029681 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-27873 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-27873
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 https://www.ibm.com/support/pages/node/6964694 •