Vulnerabilities > IBM > Aspera Faspex > 5.0.1

DATE CVE VULNERABILITY TITLE RISK
2025-05-22 CVE-2025-33136 Modification of Assumed-Immutable Data (MAID) vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
network
low complexity
ibm CWE-471
8.8
8.8
2025-05-22 CVE-2025-33137 Client-Side Enforcement of Server-Side Security vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
network
low complexity
ibm CWE-602
8.8
8.8
2025-05-22 CVE-2025-33138 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection.
network
low complexity
ibm CWE-80
6.1
6.1
2025-01-29 CVE-2023-35907 Weak Password Requirements vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
critical
 9.8
9.8
2025-01-29 CVE-2023-37398 Weak Password Requirements vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
critical
 9.8
9.8
2025-01-29 CVE-2023-37412 Execution with Unnecessary Privileges vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
network
low complexity
ibm CWE-250
4.9
4.9
2025-01-29 CVE-2023-37413 Response Discrepancy Information Exposure vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
network
low complexity
ibm CWE-204
5.3
5.3
2024-05-28 CVE-2023-37411 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
5.4
2024-03-05 CVE-2022-22399 Improper Encoding or Escaping of Output vulnerability in IBM Aspera Faspex 5.0.0/5.0.1
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
6.5
6.5