9.8
CVE-2023-37398
- EPSS 0.06%
- Veröffentlicht 29.01.2025 17:15:26
- Zuletzt bearbeitet 04.03.2025 21:43:48
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Aspera Faspex Version >= 5.0.0 <= 5.0.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.183 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.