IBM Aspera Faspex cross-site scripting
CVE-2022-40744

4.8MEDIUM

Key Information:

Vendor

IBM
Status
Aspera Faspex
Vendor
CVE Published:
2 February 2024

What is CVE-2022-40744?

The stored cross-site scripting vulnerability present in IBM Aspera Faspex 5.0.6 poses significant security risks by allowing attackers to inject arbitrary JavaScript code into the Web UI. This manipulation alters the application's intended functionality and can lead to the unauthorized disclosure of user credentials within trusted sessions. Proper input validation and sanitization measures are crucial to mitigate such vulnerabilities.

Affected Version(s)

Aspera Faspex 5.0.6

References

https://www.ibm.com/support/pages/node/7111778
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/236441
vdb-entry

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.