Weaker than expected security in Aspera Faspex 5.0.0-5.0.7 could lead to sensitive information disclosure
CVE-2022-40745

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 19 April 2024

Summary

IBM Aspera Faspex versions 5.0.0 through 5.0.7 contain a significant vulnerability that allows local users to access sensitive information due to insufficient security controls. This issue poses potential risks for data confidentiality and system integrity, enabling unauthorized users to exploit weaker security measures. Organizations using these versions should take proactive steps to mitigate the risks associated with this vulnerability.

Affected Version(s)

Aspera Faspex 5.0.0 <= 5.0.7

References

https://www.ibm.com/support/pages/node/7148632

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/236452

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Sep 16, 2022