CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35907 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-35907
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37413 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37413
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. • https://www.ibm.com/support/pages/node/7181814 • CWE-204: Observable Response Discrepancy •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37398 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37398
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37412 – IBM Aspera Faspex improper access control
https://notcve.org/view.php?id=CVE-2023-37412
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. • https://www.ibm.com/support/pages/node/7181814 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37395 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37395
11 Dec 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. • https://www.ibm.com/support/pages/node/7148632 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45097 – IBM Aspera Faspex bypass security
https://notcve.org/view.php?id=CVE-2024-45097
05 Sep 2024 — IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45096 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2024-45096
05 Sep 2024 — IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. • https://www.ibm.com/support/pages/node/7167255 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45098 – IBM Aspera Faspex bypass security
https://notcve.org/view.php?id=CVE-2024-45098
05 Sep 2024 — IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37411 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2023-37411
28 May 2024 — IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. IBM Aspera Faspex 5.0.0 a 5.0.6 es vulnerable a Cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad pre... • https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40745 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-40745
19 Apr 2024 — IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a una seguridad más débil de lo esperado. ID de IBM X-Force: 236452. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 • CWE-326: Inadequate Encryption Strength •