Search
Find a vulnerability
Search criteria
2 vulnerabilities found for aspera_http_gateway by ibm
CVE-2025-36274 (GCVE-0-2025-36274)
Vulnerability from nvd – Published: 2025-09-26 14:14 – Updated: 2025-09-26 14:57
VLAI
EPSS
VEX
Title
IBM Aspera HTTP Gateway information disclosure
Summary
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7246284 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera HTTP Gateway |
Affected:
2.0.0 , ≤ 2.3.1
(semver)
cpe:2.3:a:ibm:aspera_http_gateway:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_http_gateway:2.3.1:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T14:57:11.465422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T14:57:32.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_http_gateway:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_http_gateway:2.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera HTTP Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jhon1231248e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user."
}
],
"value": "IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T14:14:01.082Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7246284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to 2.3.2, see links in the table below.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera HTTP Gateway\u003c/td\u003e\u003ctd\u003e2.3.2\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Proxy+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-httpgateway-2.3.2.298.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to 2.3.2, see links in the table below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera HTTP Gateway2.3.2Linux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera HTTP Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36274",
"datePublished": "2025-09-26T14:14:01.082Z",
"dateReserved": "2025-04-15T21:16:46.801Z",
"dateUpdated": "2025-09-26T14:57:32.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36274 (GCVE-0-2025-36274)
Vulnerability from cvelistv5 – Published: 2025-09-26 14:14 – Updated: 2025-09-26 14:57
VLAI
EPSS
VEX
Title
IBM Aspera HTTP Gateway information disclosure
Summary
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7246284 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera HTTP Gateway |
Affected:
2.0.0 , ≤ 2.3.1
(semver)
cpe:2.3:a:ibm:aspera_http_gateway:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_http_gateway:2.3.1:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T14:57:11.465422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T14:57:32.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_http_gateway:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_http_gateway:2.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera HTTP Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jhon1231248e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user."
}
],
"value": "IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T14:14:01.082Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7246284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to 2.3.2, see links in the table below.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixing VRM\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003ePlatform\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eLink to Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera HTTP Gateway\u003c/td\u003e\u003ctd\u003e2.3.2\u003c/td\u003e\u003ctd\u003eLinux\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+Proxy+Server\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=ibm-aspera-httpgateway-2.3.2.298.x86_64\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eclick here\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to 2.3.2, see links in the table below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera HTTP Gateway2.3.2Linux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera HTTP Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36274",
"datePublished": "2025-09-26T14:14:01.082Z",
"dateReserved": "2025-04-15T21:16:46.801Z",
"dateUpdated": "2025-09-26T14:57:32.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}