IBM Aspera Faspex improper access controls
CVE-2023-27875

7.5HIGH

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 16 March 2023

Summary

IBM Aspera Faspex version 5.0.4 presents a significant vulnerability where improper access controls can enable a user to alter another user's credentials. This flaw compromises user account security and poses risks to overall system integrity. Vigilance is necessary to ensure appropriate access restrictions are enforced.

Affected Version(s)

Aspera Faspex 5.0.4

References

https://www.ibm.com/support/pages/node/6963662

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/249847

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Mar 6, 2023