Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aspera_faspex
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 32 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-17 | CVE-2022-47986 | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | Aspera_faspex | 9.8 | ||
| 2025-01-29 | CVE-2023-35907 | IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | Aspera_faspex | 9.8 | ||
| 2025-01-29 | CVE-2023-37398 | IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | Aspera_faspex | 9.8 | ||
| 2025-01-29 | CVE-2023-37412 | IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | Aspera_faspex | 4.9 | ||
| 2025-01-29 | CVE-2023-37413 | IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | Aspera_faspex | 5.3 | ||
| 2023-03-16 | CVE-2023-27875 | IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | Aspera_faspex | 7.5 |