Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Aspera HSTS for CP4I by IBM

    CVE-2026-7876 (GCVE-0-2026-7876)

    Vulnerability from nvd – Published: 2026-05-27 13:56 – Updated: 2026-06-11 14:05
    VLAI
    Title
    Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration
    Summary
    IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7274127 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera HSTS for CP4I Affected: 1.5.1 , ≤ 1.5.19 (semver)
        cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.19:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    The vulnerabilities were reported to IBM by Yannik Marchand.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T14:21:36.215142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T14:21:59.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.19:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera HSTS for CP4I",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.19",
                  "status": "affected",
                  "version": "1.5.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerabilities were reported to IBM by Yannik Marchand."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Aspera HSTS for CP4I 1.5.1 through 1.5.19\u0026nbsp;is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server\u0027s local storage that they should not have access to, when specific restriction settings are not in place.\u003c/p\u003e"
                }
              ],
              "value": "IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19\u00a0is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server\u0027s local storage that they should not have access to, when specific restriction settings are not in place."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:05:33.251Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7274127"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVRMF\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/First Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)\u003c/td\u003e\u003ctd\u003e1.5.20\u003c/td\u003e\u003ctd\u003e-\u0026nbsp;Access your charts to get the latest version\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)1.5.20-\u00a0Access your charts to get the latest version"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7876",
        "datePublished": "2026-05-27T13:56:16.166Z",
        "dateReserved": "2026-05-05T16:12:39.223Z",
        "dateUpdated": "2026-06-11T14:05:33.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7876 (GCVE-0-2026-7876)

    Vulnerability from cvelistv5 – Published: 2026-05-27 13:56 – Updated: 2026-06-11 14:05
    VLAI
    Title
    Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration
    Summary
    IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7274127 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Aspera HSTS for CP4I Affected: 1.5.1 , ≤ 1.5.19 (semver)
        cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.19:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    The vulnerabilities were reported to IBM by Yannik Marchand.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T14:21:36.215142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T14:21:59.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:aspera_hsts_for_cp4i:1.5.19:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Aspera HSTS for CP4I",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.19",
                  "status": "affected",
                  "version": "1.5.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerabilities were reported to IBM by Yannik Marchand."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Aspera HSTS for CP4I 1.5.1 through 1.5.19\u0026nbsp;is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server\u0027s local storage that they should not have access to, when specific restriction settings are not in place.\u003c/p\u003e"
                }
              ],
              "value": "IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19\u00a0is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server\u0027s local storage that they should not have access to, when specific restriction settings are not in place."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:05:33.251Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7274127"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVRMF\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/First Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)\u003c/td\u003e\u003ctd\u003e1.5.20\u003c/td\u003e\u003ctd\u003e-\u0026nbsp;Access your charts to get the latest version\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)1.5.20-\u00a0Access your charts to get the latest version"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7876",
        "datePublished": "2026-05-27T13:56:16.166Z",
        "dateReserved": "2026-05-05T16:12:39.223Z",
        "dateUpdated": "2026-06-11T14:05:33.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }