IBM Aspera Faspex security bypass
CVE-2023-35906

7.5HIGH

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 5 September 2023

Summary

IBM Aspera Faspex 5.0.5 has been identified with a vulnerability that allows remote attackers to circumvent IP restrictions due to insufficient access control mechanisms. This poses a risk of unauthorized access to sensitive data and services, making it critical for users to assess their risk management strategies and consider implementing patches provided by IBM.

Affected Version(s)

Aspera Faspex 5.0.5

References

https://www.ibm.com/support/pages/node/7029681

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/259649

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Jun 20, 2023