Aspera Faspex 5.0.0-5.0.7 Denial of Service Vulnerability
CVE-2023-27279

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 19 April 2024

Summary

IBM Aspera Faspex versions 5.0.0 through 5.0.7 exhibit a vulnerability that may lead to a denial of service due to inadequate API rate limiting measures. This flaw could allow attackers to exploit the system by generating excessive requests, potentially resulting in disrupted services for users. Organizations utilizing affected versions should assess their security posture and consider implementing additional controls to mitigate risks associated with this vulnerability.

References

https://www.ibm.com/support/pages/node/7148632

https://exchange.xforce.ibmcloud.com/vulnerabilities/248533

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024