Search criteria
88 vulnerabilities found for aspera_faspex by ibm
CVE-2025-36230 (GCVE-0-2025-36230)
Vulnerability from nvd – Published: 2025-12-26 14:22 – Updated: 2025-12-26 15:14
VLAI?
Title
XSS in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:13.484134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:14:53.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:22:46.035Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product Fixing VRM Platform Link to Fix IBM Aspera Faspex 5.0.14.2 Linux click here\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product Fixing VRM Platform Link to Fix IBM Aspera Faspex 5.0.14.2 Linux click here"
}
],
"title": "XSS in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36230",
"datePublished": "2025-12-26T14:22:46.035Z",
"dateReserved": "2025-04-15T21:16:42.824Z",
"dateUpdated": "2025-12-26T15:14:53.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36229 (GCVE-0-2025-36229)
Vulnerability from nvd – Published: 2025-12-26 14:15 – Updated: 2025-12-26 15:14
VLAI?
Title
Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:07.014351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:14:58.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:16:29.869Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below."
}
],
"title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36229",
"datePublished": "2025-12-26T14:15:03.417Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-12-26T15:14:58.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36228 (GCVE-0-2025-36228)
Vulnerability from nvd – Published: 2025-12-26 14:11 – Updated: 2025-12-26 15:15
VLAI?
Title
Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
Severity ?
CWE
- CWE-279 - Incorrect Execution-Assigned Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:00.775886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:06.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-279",
"description": "CWE-279 Incorrect Execution-Assigned Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:11:45.492Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below."
}
],
"title": "Incorrect Execution-Assigned Permissions in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36228",
"datePublished": "2025-12-26T14:11:45.492Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-12-26T15:15:06.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36225 (GCVE-0-2025-36225)
Vulnerability from nvd – Published: 2025-10-09 13:56 – Updated: 2025-10-09 14:43
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera 5.0.0 through 5.0.13.1
could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
Severity ?
4.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T14:43:19.829682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T14:43:28.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera 5\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.0.0 through 5.0.13.1 \u003c/span\u003e\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
}
],
"value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:56:19.270Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36225",
"datePublished": "2025-10-09T13:56:19.270Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-10-09T14:43:28.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36171 (GCVE-0-2025-36171)
Vulnerability from nvd – Published: 2025-10-09 13:57 – Updated: 2025-10-09 14:15
VLAI?
Title
IBM Aspera Faspex denial of service
Summary
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
Severity ?
4.9 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T14:15:01.801005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T14:15:08.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u0026nbsp;could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:57:51.884Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36171",
"datePublished": "2025-10-09T13:57:51.884Z",
"dateReserved": "2025-04-15T21:16:22.577Z",
"dateUpdated": "2025-10-09T14:15:08.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37401 (GCVE-0-2023-37401)
Vulnerability from nvd – Published: 2025-10-09 13:54 – Updated: 2025-10-09 19:06
VLAI?
Title
IBM Aspera Faspex cross-origin resource sharing
Summary
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
Severity ?
5.3 (Medium)
CWE
- CWE-942 - Overly Permissive Cross-domain Whitelist
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:05:57.796792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:06:07.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:56:50.098Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37401",
"datePublished": "2025-10-09T13:54:38.846Z",
"dateReserved": "2023-07-05T15:59:03.335Z",
"dateUpdated": "2025-10-09T19:06:07.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36040 (GCVE-0-2025-36040)
Vulnerability from nvd – Published: 2025-07-30 23:48 – Updated: 2025-07-31 17:55
VLAI?
Title
IBM Aspera Faspex session fixation
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
Severity ?
6.5 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:39:35.806039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T17:55:19.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:48:52.209Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex session fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36040",
"datePublished": "2025-07-30T23:48:52.209Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-07-31T17:55:19.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36039 (GCVE-0-2025-36039)
Vulnerability from nvd – Published: 2025-07-30 23:47 – Updated: 2025-07-31 17:55
VLAI?
Title
IBM Aspera Faspex bypass security
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,
Severity ?
6.5 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:39:39.869388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T17:55:40.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:47:25.483Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex bypass security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36039",
"datePublished": "2025-07-30T23:47:25.483Z",
"dateReserved": "2025-04-15T21:16:09.685Z",
"dateUpdated": "2025-07-31T17:55:40.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33138 (GCVE-0-2025-33138)
Vulnerability from nvd – Published: 2025-05-22 16:37 – Updated: 2025-08-26 15:04
VLAI?
Title
IBM Aspera Faspex HTML injection
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:25.226671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:02:51.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:04:09.662Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33138",
"datePublished": "2025-05-22T16:37:28.698Z",
"dateReserved": "2025-04-15T17:51:21.700Z",
"dateUpdated": "2025-08-26T15:04:09.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33137 (GCVE-0-2025-33137)
Vulnerability from nvd – Published: 2025-05-22 16:36 – Updated: 2025-08-26 15:05
VLAI?
Title
IBM Aspera Faspex data modification
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
Severity ?
7.1 (High)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:32.748335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:04:27.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:05:04.735Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex data modification",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33137",
"datePublished": "2025-05-22T16:36:04.256Z",
"dateReserved": "2025-04-15T17:51:21.700Z",
"dateUpdated": "2025-08-26T15:05:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33136 (GCVE-0-2025-33136)
Vulnerability from nvd – Published: 2025-05-22 16:14 – Updated: 2025-08-26 15:04
VLAI?
Title
IBM Aspera Faspex data modification
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
Severity ?
7.1 (High)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:42.800346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:04:48.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:04:47.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex data modification",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33136",
"datePublished": "2025-05-22T16:14:02.649Z",
"dateReserved": "2025-04-15T17:51:21.699Z",
"dateUpdated": "2025-08-26T15:04:47.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3423 (GCVE-0-2025-3423)
Vulnerability from nvd – Published: 2025-04-13 11:56 – Updated: 2025-09-01 10:15
VLAI?
Title
IBM Aspera Faspex 5 cross-site scripting
Summary
IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.11
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T19:21:05.871543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T19:21:33.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T10:15:36.536Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7230757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex 5 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3423",
"datePublished": "2025-04-13T11:56:15.398Z",
"dateReserved": "2025-04-07T14:58:49.159Z",
"dateUpdated": "2025-09-01T10:15:36.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37413 (GCVE-0-2023-37413)
Vulnerability from nvd – Published: 2025-01-29 16:36 – Updated: 2025-02-12 16:39
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:52:44.263224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:39:51.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:36:24.872Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37413",
"datePublished": "2025-01-29T16:36:24.872Z",
"dateReserved": "2023-07-05T15:59:16.997Z",
"dateUpdated": "2025-02-12T16:39:51.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37412 (GCVE-0-2023-37412)
Vulnerability from nvd – Published: 2025-01-29 16:34 – Updated: 2025-02-12 16:48
VLAI?
Title
IBM Aspera Faspex improper access control
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
Severity ?
4.4 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:54:27.016356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:48:00.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:34:55.809Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex improper access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37412",
"datePublished": "2025-01-29T16:34:55.809Z",
"dateReserved": "2023-07-05T15:59:16.997Z",
"dateUpdated": "2025-02-12T16:48:00.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37398 (GCVE-0-2023-37398)
Vulnerability from nvd – Published: 2025-01-29 16:35 – Updated: 2025-02-12 16:47
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:54:36.698633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:47:19.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:35:45.779Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37398",
"datePublished": "2025-01-29T16:35:45.779Z",
"dateReserved": "2023-07-05T15:59:03.335Z",
"dateUpdated": "2025-02-12T16:47:19.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35907 (GCVE-0-2023-35907)
Vulnerability from nvd – Published: 2025-01-29 16:37 – Updated: 2025-02-12 16:47
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:52:21.199357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:47:02.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:37:06.966Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-35907",
"datePublished": "2025-01-29T16:37:06.966Z",
"dateReserved": "2023-06-20T02:24:31.594Z",
"dateUpdated": "2025-02-12T16:47:02.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36230 (GCVE-0-2025-36230)
Vulnerability from cvelistv5 – Published: 2025-12-26 14:22 – Updated: 2025-12-26 15:14
VLAI?
Title
XSS in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:13.484134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:14:53.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:22:46.035Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product Fixing VRM Platform Link to Fix IBM Aspera Faspex 5.0.14.2 Linux click here\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product Fixing VRM Platform Link to Fix IBM Aspera Faspex 5.0.14.2 Linux click here"
}
],
"title": "XSS in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36230",
"datePublished": "2025-12-26T14:22:46.035Z",
"dateReserved": "2025-04-15T21:16:42.824Z",
"dateUpdated": "2025-12-26T15:14:53.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36229 (GCVE-0-2025-36229)
Vulnerability from cvelistv5 – Published: 2025-12-26 14:15 – Updated: 2025-12-26 15:14
VLAI?
Title
Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:07.014351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:14:58.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:16:29.869Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below."
}
],
"title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36229",
"datePublished": "2025-12-26T14:15:03.417Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-12-26T15:14:58.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36228 (GCVE-0-2025-36228)
Vulnerability from cvelistv5 – Published: 2025-12-26 14:11 – Updated: 2025-12-26 15:15
VLAI?
Title
Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
Summary
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
Severity ?
CWE
- CWE-279 - Incorrect Execution-Assigned Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex 5 |
Affected:
5.0.0 , ≤ 5.0.14.1
(semver)
cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-26T15:13:00.775886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T15:15:06.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"product": "Aspera Faspex 5",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.14.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.\u003c/p\u003e"
}
],
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-279",
"description": "CWE-279 Incorrect Execution-Assigned Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T14:11:45.492Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below."
}
],
"title": "Incorrect Execution-Assigned Permissions in IBM Aspera Faspex",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36228",
"datePublished": "2025-12-26T14:11:45.492Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-12-26T15:15:06.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36171 (GCVE-0-2025-36171)
Vulnerability from cvelistv5 – Published: 2025-10-09 13:57 – Updated: 2025-10-09 14:15
VLAI?
Title
IBM Aspera Faspex denial of service
Summary
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
Severity ?
4.9 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T14:15:01.801005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T14:15:08.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u0026nbsp;could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:57:51.884Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36171",
"datePublished": "2025-10-09T13:57:51.884Z",
"dateReserved": "2025-04-15T21:16:22.577Z",
"dateUpdated": "2025-10-09T14:15:08.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36225 (GCVE-0-2025-36225)
Vulnerability from cvelistv5 – Published: 2025-10-09 13:56 – Updated: 2025-10-09 14:43
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera 5.0.0 through 5.0.13.1
could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
Severity ?
4.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T14:43:19.829682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T14:43:28.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera 5\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.0.0 through 5.0.13.1 \u003c/span\u003e\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
}
],
"value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:56:19.270Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36225",
"datePublished": "2025-10-09T13:56:19.270Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-10-09T14:43:28.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37401 (GCVE-0-2023-37401)
Vulnerability from cvelistv5 – Published: 2025-10-09 13:54 – Updated: 2025-10-09 19:06
VLAI?
Title
IBM Aspera Faspex cross-origin resource sharing
Summary
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
Severity ?
5.3 (Medium)
CWE
- CWE-942 - Overly Permissive Cross-domain Whitelist
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.13.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:05:57.796792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:06:07.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.13.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T13:56:50.098Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera Faspex\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e5.0.14\u003c/div\u003e\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Faspex+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-faspex-5.0.14.8861.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37401",
"datePublished": "2025-10-09T13:54:38.846Z",
"dateReserved": "2023-07-05T15:59:03.335Z",
"dateUpdated": "2025-10-09T19:06:07.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36040 (GCVE-0-2025-36040)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:48 – Updated: 2025-07-31 17:55
VLAI?
Title
IBM Aspera Faspex session fixation
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
Severity ?
6.5 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:39:35.806039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T17:55:19.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:48:52.209Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex session fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36040",
"datePublished": "2025-07-30T23:48:52.209Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-07-31T17:55:19.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36039 (GCVE-0-2025-36039)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:47 – Updated: 2025-07-31 17:55
VLAI?
Title
IBM Aspera Faspex bypass security
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,
Severity ?
6.5 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12.1
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:39:39.869388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T17:55:40.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:47:25.483Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13.\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.13."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex bypass security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36039",
"datePublished": "2025-07-30T23:47:25.483Z",
"dateReserved": "2025-04-15T21:16:09.685Z",
"dateUpdated": "2025-07-31T17:55:40.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33138 (GCVE-0-2025-33138)
Vulnerability from cvelistv5 – Published: 2025-05-22 16:37 – Updated: 2025-08-26 15:04
VLAI?
Title
IBM Aspera Faspex HTML injection
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:25.226671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:02:51.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:04:09.662Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33138",
"datePublished": "2025-05-22T16:37:28.698Z",
"dateReserved": "2025-04-15T17:51:21.700Z",
"dateUpdated": "2025-08-26T15:04:09.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33137 (GCVE-0-2025-33137)
Vulnerability from cvelistv5 – Published: 2025-05-22 16:36 – Updated: 2025-08-26 15:05
VLAI?
Title
IBM Aspera Faspex data modification
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
Severity ?
7.1 (High)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:32.748335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:04:27.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:05:04.735Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex data modification",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33137",
"datePublished": "2025-05-22T16:36:04.256Z",
"dateReserved": "2025-04-15T17:51:21.700Z",
"dateUpdated": "2025-08-26T15:05:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33136 (GCVE-0-2025-33136)
Vulnerability from cvelistv5 – Published: 2025-05-22 16:14 – Updated: 2025-08-26 15:04
VLAI?
Title
IBM Aspera Faspex data modification
Summary
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
Severity ?
7.1 (High)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.12
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:42:42.800346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:04:48.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.12",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:04:47.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading the container images to 5.0.12.1 available from IBM Container Registry"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex data modification",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33136",
"datePublished": "2025-05-22T16:14:02.649Z",
"dateReserved": "2025-04-15T17:51:21.699Z",
"dateUpdated": "2025-08-26T15:04:47.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3423 (GCVE-0-2025-3423)
Vulnerability from cvelistv5 – Published: 2025-04-13 11:56 – Updated: 2025-09-01 10:15
VLAI?
Title
IBM Aspera Faspex 5 cross-site scripting
Summary
IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.11
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T19:21:05.871543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T19:21:33.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T10:15:36.536Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7230757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex 5 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3423",
"datePublished": "2025-04-13T11:56:15.398Z",
"dateReserved": "2025-04-07T14:58:49.159Z",
"dateUpdated": "2025-09-01T10:15:36.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35907 (GCVE-0-2023-35907)
Vulnerability from cvelistv5 – Published: 2025-01-29 16:37 – Updated: 2025-02-12 16:47
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:52:21.199357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:47:02.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:37:06.966Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-35907",
"datePublished": "2025-01-29T16:37:06.966Z",
"dateReserved": "2023-06-20T02:24:31.594Z",
"dateUpdated": "2025-02-12T16:47:02.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37413 (GCVE-0-2023-37413)
Vulnerability from cvelistv5 – Published: 2025-01-29 16:36 – Updated: 2025-02-12 16:39
VLAI?
Title
IBM Aspera Faspex information disclosure
Summary
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.10
(semver)
cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:52:44.263224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:39:51.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex:5.0.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.10",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:36:24.872Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7181814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37413",
"datePublished": "2025-01-29T16:36:24.872Z",
"dateReserved": "2023-07-05T15:59:16.997Z",
"dateUpdated": "2025-02-12T16:39:51.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}