Vulnerabilities > IBM > Aspera Faspex > 5.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2023-35907 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37398 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37412 | Execution with Unnecessary Privileges vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | 4.9 |
| 2025-01-29 | CVE-2023-37413 | Response Discrepancy Information Exposure vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | 5.3 |
| 2024-05-28 | CVE-2023-37411 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. | 5.4 |
| 2024-03-05 | CVE-2022-22399 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Faspex 5.0.0/5.0.1 IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |