Search

Find a vulnerability

Search criteria

    82 vulnerabilities found for Aspera Faspex by IBM

    CVE-2025-36225 (GCVE-0-2025-36225)

    Vulnerability from nvd – Published: 2025-10-09 13:56 – Updated: 2025-10-09 14:43
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T14:43:19.829682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T14:43:28.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera 5\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.0.0 through 5.0.13.1 \u003c/span\u003e\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
                }
              ],
              "value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:56:19.270Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36225",
        "datePublished": "2025-10-09T13:56:19.270Z",
        "dateReserved": "2025-04-15T21:16:41.802Z",
        "dateUpdated": "2025-10-09T14:43:28.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36171 (GCVE-0-2025-36171)

    Vulnerability from nvd – Published: 2025-10-09 13:57 – Updated: 2025-10-09 14:15
    VLAI
    Title
    IBM Aspera Faspex denial of service
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T14:15:01.801005Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T14:15:08.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u0026nbsp;could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:57:51.884Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36171",
        "datePublished": "2025-10-09T13:57:51.884Z",
        "dateReserved": "2025-04-15T21:16:22.577Z",
        "dateUpdated": "2025-10-09T14:15:08.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37401 (GCVE-0-2023-37401)

    Vulnerability from nvd – Published: 2025-10-09 13:54 – Updated: 2025-10-09 19:06
    VLAI
    Title
    IBM Aspera Faspex cross-origin resource sharing
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Overly Permissive Cross-domain Whitelist
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:05:57.796792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:06:07.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Overly Permissive Cross-domain Whitelist",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:56:50.098Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex cross-origin resource sharing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37401",
        "datePublished": "2025-10-09T13:54:38.846Z",
        "dateReserved": "2023-07-05T15:59:03.335Z",
        "dateUpdated": "2025-10-09T19:06:07.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36040 (GCVE-0-2025-36040)

    Vulnerability from nvd – Published: 2025-07-30 23:48 – Updated: 2025-07-31 17:55
    VLAI
    Title
    IBM Aspera Faspex session fixation
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7241007 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T13:39:35.806039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T17:55:19.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-30T23:48:52.209Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7241007"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36040",
        "datePublished": "2025-07-30T23:48:52.209Z",
        "dateReserved": "2025-04-15T21:16:10.568Z",
        "dateUpdated": "2025-07-31T17:55:19.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36039 (GCVE-0-2025-36039)

    Vulnerability from nvd – Published: 2025-07-30 23:47 – Updated: 2025-07-31 17:55
    VLAI
    Title
    IBM Aspera Faspex bypass security
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7241007 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T13:39:39.869388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T17:55:40.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-30T23:47:25.483Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7241007"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex bypass security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36039",
        "datePublished": "2025-07-30T23:47:25.483Z",
        "dateReserved": "2025-04-15T21:16:09.685Z",
        "dateUpdated": "2025-07-31T17:55:40.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33138 (GCVE-0-2025-33138)

    Vulnerability from nvd – Published: 2025-05-22 16:37 – Updated: 2025-08-26 15:04
    VLAI
    Title
    IBM Aspera Faspex HTML injection
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:25.226671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:02:51.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:04:09.662Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33138",
        "datePublished": "2025-05-22T16:37:28.698Z",
        "dateReserved": "2025-04-15T17:51:21.700Z",
        "dateUpdated": "2025-08-26T15:04:09.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33137 (GCVE-0-2025-33137)

    Vulnerability from nvd – Published: 2025-05-22 16:36 – Updated: 2025-08-26 15:05
    VLAI
    Title
    IBM Aspera Faspex data modification
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:32.748335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:04:27.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:05:04.735Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33137",
        "datePublished": "2025-05-22T16:36:04.256Z",
        "dateReserved": "2025-04-15T17:51:21.700Z",
        "dateUpdated": "2025-08-26T15:05:04.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33136 (GCVE-0-2025-33136)

    Vulnerability from nvd – Published: 2025-05-22 16:14 – Updated: 2025-08-26 15:04
    VLAI
    Title
    IBM Aspera Faspex data modification
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:42.800346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:04:48.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:04:47.668Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33136",
        "datePublished": "2025-05-22T16:14:02.649Z",
        "dateReserved": "2025-04-15T17:51:21.699Z",
        "dateUpdated": "2025-08-26T15:04:47.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3423 (GCVE-0-2025-3423)

    Vulnerability from nvd – Published: 2025-04-13 11:56 – Updated: 2025-09-01 10:15
    VLAI
    Title
    IBM Aspera Faspex 5 cross-site scripting
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7230757 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.11 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3423",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T19:21:05.871543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T19:21:33.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T10:15:36.536Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7230757"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex 5 cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3423",
        "datePublished": "2025-04-13T11:56:15.398Z",
        "dateReserved": "2025-04-07T14:58:49.159Z",
        "dateUpdated": "2025-09-01T10:15:36.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37413 (GCVE-0-2023-37413)

    Vulnerability from nvd – Published: 2025-01-29 16:36 – Updated: 2025-02-12 16:39
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:52:44.263224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:39:51.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:36:24.872Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37413",
        "datePublished": "2025-01-29T16:36:24.872Z",
        "dateReserved": "2023-07-05T15:59:16.997Z",
        "dateUpdated": "2025-02-12T16:39:51.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37412 (GCVE-0-2023-37412)

    Vulnerability from nvd – Published: 2025-01-29 16:34 – Updated: 2025-02-12 16:48
    VLAI
    Title
    IBM Aspera Faspex improper access control
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:27.016356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:48:00.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:34:55.809Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex improper access control",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37412",
        "datePublished": "2025-01-29T16:34:55.809Z",
        "dateReserved": "2023-07-05T15:59:16.997Z",
        "dateUpdated": "2025-02-12T16:48:00.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37398 (GCVE-0-2023-37398)

    Vulnerability from nvd – Published: 2025-01-29 16:35 – Updated: 2025-02-12 16:47
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:36.698633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:47:19.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:35:45.779Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37398",
        "datePublished": "2025-01-29T16:35:45.779Z",
        "dateReserved": "2023-07-05T15:59:03.335Z",
        "dateUpdated": "2025-02-12T16:47:19.522Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35907 (GCVE-0-2023-35907)

    Vulnerability from nvd – Published: 2025-01-29 16:37 – Updated: 2025-02-12 16:47
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:52:21.199357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:47:02.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:37:06.966Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-35907",
        "datePublished": "2025-01-29T16:37:06.966Z",
        "dateReserved": "2023-06-20T02:24:31.594Z",
        "dateUpdated": "2025-02-12T16:47:02.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37395 (GCVE-0-2023-37395)

    Vulnerability from nvd – Published: 2024-12-11 02:49 – Updated: 2024-12-11 15:33
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.7 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-11T15:33:36.465223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-11T15:33:45.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.7",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.\u0026nbsp;"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-11T02:49:38.428Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7148632"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37395",
        "datePublished": "2024-12-11T02:49:38.428Z",
        "dateReserved": "2023-07-05T15:59:03.334Z",
        "dateUpdated": "2024-12-11T15:33:45.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45098 (GCVE-0-2024-45098)

    Vulnerability from nvd – Published: 2024-09-05 15:31 – Updated: 2024-09-05 15:43
    VLAI
    Title
    IBM Aspera Faspex bypass security
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-650 - Trusting HTTP Permission Methods on the Server Side
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.9 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T15:41:39.305969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T15:43:35.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.9",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-650",
                  "description": "CWE-650 Trusting HTTP Permission Methods on the Server Side",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T15:31:43.745Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7167255"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex bypass security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45098",
        "datePublished": "2024-09-05T15:31:43.745Z",
        "dateReserved": "2024-08-21T19:11:14.497Z",
        "dateUpdated": "2024-09-05T15:43:35.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45097 (GCVE-0-2024-45097)

    Vulnerability from nvd – Published: 2024-09-05 15:35 – Updated: 2024-09-05 15:46
    VLAI
    Title
    IBM Aspera Faspex bypass security
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-650 - Trusting HTTP Permission Methods on the Server Side
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.9 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45097",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T15:46:12.984088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T15:46:21.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.9:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.9",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jan van der Put, Jasper Westerman, Yanick de Pater of REQON B.V."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-650",
                  "description": "CWE-650 Trusting HTTP Permission Methods on the Server Side",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-05T15:35:56.186Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7167255"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex bypass security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-45097",
        "datePublished": "2024-09-05T15:35:56.186Z",
        "dateReserved": "2024-08-21T19:11:14.497Z",
        "dateUpdated": "2024-09-05T15:46:21.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36171 (GCVE-0-2025-36171)

    Vulnerability from cvelistv5 – Published: 2025-10-09 13:57 – Updated: 2025-10-09 14:15
    VLAI
    Title
    IBM Aspera Faspex denial of service
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T14:15:01.801005Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T14:15:08.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u0026nbsp;could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:57:51.884Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36171",
        "datePublished": "2025-10-09T13:57:51.884Z",
        "dateReserved": "2025-04-15T21:16:22.577Z",
        "dateUpdated": "2025-10-09T14:15:08.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36225 (GCVE-0-2025-36225)

    Vulnerability from cvelistv5 – Published: 2025-10-09 13:56 – Updated: 2025-10-09 14:43
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T14:43:19.829682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T14:43:28.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera 5\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.0.0 through 5.0.13.1 \u003c/span\u003e\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
                }
              ],
              "value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:56:19.270Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36225",
        "datePublished": "2025-10-09T13:56:19.270Z",
        "dateReserved": "2025-04-15T21:16:41.802Z",
        "dateUpdated": "2025-10-09T14:43:28.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37401 (GCVE-0-2023-37401)

    Vulnerability from cvelistv5 – Published: 2025-10-09 13:54 – Updated: 2025-10-09 19:06
    VLAI
    Title
    IBM Aspera Faspex cross-origin resource sharing
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Overly Permissive Cross-domain Whitelist
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247502 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.13.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:05:57.796792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:06:07.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.13.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Overly Permissive Cross-domain Whitelist",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T13:56:50.098Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247502"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex cross-origin resource sharing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37401",
        "datePublished": "2025-10-09T13:54:38.846Z",
        "dateReserved": "2023-07-05T15:59:03.335Z",
        "dateUpdated": "2025-10-09T19:06:07.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36040 (GCVE-0-2025-36040)

    Vulnerability from cvelistv5 – Published: 2025-07-30 23:48 – Updated: 2025-07-31 17:55
    VLAI
    Title
    IBM Aspera Faspex session fixation
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7241007 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T13:39:35.806039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T17:55:19.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-30T23:48:52.209Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7241007"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36040",
        "datePublished": "2025-07-30T23:48:52.209Z",
        "dateReserved": "2025-04-15T21:16:10.568Z",
        "dateUpdated": "2025-07-31T17:55:19.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36039 (GCVE-0-2025-36039)

    Vulnerability from cvelistv5 – Published: 2025-07-30 23:47 – Updated: 2025-07-31 17:55
    VLAI
    Title
    IBM Aspera Faspex bypass security
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7241007 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12.1 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T13:39:39.869388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T17:55:40.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-30T23:47:25.483Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7241007"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex bypass security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36039",
        "datePublished": "2025-07-30T23:47:25.483Z",
        "dateReserved": "2025-04-15T21:16:09.685Z",
        "dateUpdated": "2025-07-31T17:55:40.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33138 (GCVE-0-2025-33138)

    Vulnerability from cvelistv5 – Published: 2025-05-22 16:37 – Updated: 2025-08-26 15:04
    VLAI
    Title
    IBM Aspera Faspex HTML injection
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:25.226671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:02:51.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:04:09.662Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33138",
        "datePublished": "2025-05-22T16:37:28.698Z",
        "dateReserved": "2025-04-15T17:51:21.700Z",
        "dateUpdated": "2025-08-26T15:04:09.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33137 (GCVE-0-2025-33137)

    Vulnerability from cvelistv5 – Published: 2025-05-22 16:36 – Updated: 2025-08-26 15:05
    VLAI
    Title
    IBM Aspera Faspex data modification
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:32.748335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:04:27.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:05:04.735Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33137",
        "datePublished": "2025-05-22T16:36:04.256Z",
        "dateReserved": "2025-04-15T17:51:21.700Z",
        "dateUpdated": "2025-08-26T15:05:04.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33136 (GCVE-0-2025-33136)

    Vulnerability from cvelistv5 – Published: 2025-05-22 16:14 – Updated: 2025-08-26 15:04
    VLAI
    Title
    IBM Aspera Faspex data modification
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7234114 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.12 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:42:42.800346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:04:48.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.12",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:04:47.668Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7234114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33136",
        "datePublished": "2025-05-22T16:14:02.649Z",
        "dateReserved": "2025-04-15T17:51:21.699Z",
        "dateUpdated": "2025-08-26T15:04:47.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3423 (GCVE-0-2025-3423)

    Vulnerability from cvelistv5 – Published: 2025-04-13 11:56 – Updated: 2025-09-01 10:15
    VLAI
    Title
    IBM Aspera Faspex 5 cross-site scripting
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7230757 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.11 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3423",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T19:21:05.871543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T19:21:33.530Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T10:15:36.536Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7230757"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex 5 cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3423",
        "datePublished": "2025-04-13T11:56:15.398Z",
        "dateReserved": "2025-04-07T14:58:49.159Z",
        "dateUpdated": "2025-09-01T10:15:36.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35907 (GCVE-0-2023-35907)

    Vulnerability from cvelistv5 – Published: 2025-01-29 16:37 – Updated: 2025-02-12 16:47
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:52:21.199357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:47:02.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:37:06.966Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-35907",
        "datePublished": "2025-01-29T16:37:06.966Z",
        "dateReserved": "2023-06-20T02:24:31.594Z",
        "dateUpdated": "2025-02-12T16:47:02.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37413 (GCVE-0-2023-37413)

    Vulnerability from cvelistv5 – Published: 2025-01-29 16:36 – Updated: 2025-02-12 16:39
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:52:44.263224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:39:51.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:36:24.872Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37413",
        "datePublished": "2025-01-29T16:36:24.872Z",
        "dateReserved": "2023-07-05T15:59:16.997Z",
        "dateUpdated": "2025-02-12T16:39:51.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37398 (GCVE-0-2023-37398)

    Vulnerability from cvelistv5 – Published: 2025-01-29 16:35 – Updated: 2025-02-12 16:47
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:36.698633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:47:19.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:35:45.779Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37398",
        "datePublished": "2025-01-29T16:35:45.779Z",
        "dateReserved": "2023-07-05T15:59:03.335Z",
        "dateUpdated": "2025-02-12T16:47:19.522Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37412 (GCVE-0-2023-37412)

    Vulnerability from cvelistv5 – Published: 2025-01-29 16:34 – Updated: 2025-02-12 16:48
    VLAI
    Title
    IBM Aspera Faspex improper access control
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.10 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:27.016356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T16:48:00.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.10",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250 Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T16:34:55.809Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7181814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex improper access control",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37412",
        "datePublished": "2025-01-29T16:34:55.809Z",
        "dateReserved": "2023-07-05T15:59:16.997Z",
        "dateUpdated": "2025-02-12T16:48:00.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37395 (GCVE-0-2023-37395)

    Vulnerability from cvelistv5 – Published: 2024-12-11 02:49 – Updated: 2024-12-11 15:33
    VLAI
    Title
    IBM Aspera Faspex information disclosure
    Summary
    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Aspera Faspex Affected: 5.0.0 , ≤ 5.0.7 (semver)
        cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-11T15:33:36.465223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-11T15:33:45.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera Faspex",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.7",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.\u0026nbsp;"
                }
              ],
              "value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-11T02:49:38.428Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7148632"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Aspera Faspex information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37395",
        "datePublished": "2024-12-11T02:49:38.428Z",
        "dateReserved": "2023-07-05T15:59:03.334Z",
        "dateUpdated": "2024-12-11T15:33:45.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }