IBM Aspera Faspex information disclosure
CVE-2023-27871

7.5HIGH

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 21 March 2023

Summary

IBM Aspera Faspex version 4.4.2 is susceptible to SQL injection, which enables remote attackers to execute crafted SQL queries. This flaw can lead to unauthorized access to sensitive credential information, potentially compromising external user accounts. Organizations utilizing this version of Aspera Faspex are strongly encouraged to apply security updates and implement proper input validation mechanisms to mitigate such vulnerabilities.

Affected Version(s)

Aspera Faspex 4.4.2

References

https://www.ibm.com/support/pages/node/6964694

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/249613

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2023
Vulnerability Reserved
Mar 6, 2023