Vulnerabilities > IBM > Aspera Faspex > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-45097 Interpretation Conflict vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
network
low complexity
ibm CWE-436
7.1
2024-09-05 CVE-2024-45098 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
network
low complexity
ibm
8.1
2023-09-08 CVE-2022-22401 Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information.
network
low complexity
ibm CWE-311
7.5
2023-09-08 CVE-2023-30995 Incorrect Authorization vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request.
network
low complexity
ibm CWE-863
7.5
2023-09-05 CVE-2023-35906 Reliance on IP Address for Authentication vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls.
network
low complexity
ibm CWE-291
7.5
2023-03-21 CVE-2023-27871 SQL Injection vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query.
network
low complexity
ibm CWE-89
7.5
2023-03-21 CVE-2023-27874 XXE vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.8
2023-03-16 CVE-2023-27875 Unspecified vulnerability in IBM Aspera Faspex 5.0.4
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls.
network
low complexity
ibm
7.5
2022-05-24 CVE-2022-22497 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token.
network
low complexity
ibm
7.5