CVE-2023-27875
- EPSS 0.06%
- Veröffentlicht 16.03.2023 13:15:10
- Zuletzt bearbeitet 26.02.2025 15:15:19
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-22868
- EPSS 0.23%
- Veröffentlicht 17.02.2023 17:15:11
- Zuletzt bearbeitet 21.11.2024 07:45:33
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...
CVE-2022-47986
- EPSS 94.3%
- Veröffentlicht 17.02.2023 16:15:10
- Zuletzt bearbeitet 27.10.2025 14:14:45
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerabi...
CVE-2022-22497
- EPSS 0.29%
- Veröffentlicht 24.05.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 06:46:54
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.