Local User Could Access Sensitive Data Due to Insufficient Encryption
CVE-2023-37395

3.3LOW

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 11 December 2024

What is CVE-2023-37395?

IBM Aspera Faspex versions 5.0.0 to 5.0.7 are influenced by a security flaw that can permit local users to gain unauthorized access to sensitive information. This vulnerability arises from improper encryption mechanisms utilized within the application, leading to potential data exposure. Organizations using the affected versions are urged to review their security measures and apply recommended updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Aspera Faspex 5.0.0 <= 5.0.7

References

https://www.ibm.com/support/pages/node/7148632

vendor-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Jul 5, 2023