8.8
CVE-2025-33137
- EPSS 0.21%
- Veröffentlicht 22.05.2025 16:36:04
- Zuletzt bearbeitet 30.05.2025 01:19:24
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Aspera Faspex data modification
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Aspera Faspex Version >= 5.0.0 < 5.0.12.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.433 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
CWE-602 Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.