Aspera Faspex

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-05	CVE-2023-35906	Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. network low complexity ibm	7.5
2023-03-21	CVE-2023-27871	SQL Injection vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. network low complexity ibm CWE-89	7.5
2023-03-21	CVE-2023-27873	Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. network low complexity ibm	6.5
2023-03-21	CVE-2023-27874	Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. network low complexity ibm	8.8
2023-03-16	CVE-2023-27875	Unspecified vulnerability in IBM Aspera Faspex 5.0.4 IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. network low complexity ibm	7.5
2023-02-17	CVE-2023-22868	Unspecified vulnerability in IBM Aspera Faspex 4.4.1 IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. network low complexity ibm	5.4
2023-02-17	CVE-2022-47986	Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. network low complexity ibm critical	9.8
2022-05-24	CVE-2022-22497	Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. network low complexity ibm	7.5