Aspera Faspex Log File Vulnerability
CVE-2023-22869

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 19 April 2024

Summary

IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that enables local users to access potentially sensitive information stored in log files. This exposure can lead to unauthorized access to confidential data, raising concerns about the integrity and security of user information. Organizations utilizing this software must consider implementing measures to secure log file management practices to safeguard against potential internal threats.

References

https://www.ibm.com/support/pages/node/7148632

https://exchange.xforce.ibmcloud.com/vulnerabilities/244119

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024