Aspera Faspex Vulnerable to HTTP Header Injection
CVE-2022-22399
5.4 MEDIUM
Summary
IBM Aspera Faspex 5.0.0 and 5.0.1 do not adequately validate the HTTP Host header, which makes them vulnerable to HTTP header injection. An attacker can exploit this to carry out several kinds of attack: cross-site scripting, in which sensitive user information can be hijacked; cache poisoning, which disrupts normal operations; and session hijacking, which compromises user sessions and data integrity. Users and administrators should address this issue promptly by applying the necessary patches and updates.
Affected Version(s)
Aspera Faspex 5.0.0, 5.0.1
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved