21 results (0.011 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. • https://www.ibm.com/support/pages/node/7167255 • CWE-548: Exposure of Information Through Directory Listing •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. IBM Aspera Faspex 5.0.0 a 5.0.6 es vulnerable a Cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 https://www.ibm.com/support/pages/node/7154977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452. IBM Aspera Faspex 5.0.0 a 5.0.7 podría permitir que un usuario local obtenga información confidencial debido a una seguridad más débil de lo esperado. ID de IBM X-Force: 236452. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236452 https://www.ibm.com/support/pages/node/7148632 • CWE-326: Inadequate Encryption Strength •