Aspera Faspex Vulnerability: Local User Access to Sensitive Data
CVE-2023-37397

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 19 April 2024

Summary

IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that permits local users to gain unauthorized access to sensitive information. This issue arises from the improper encryption of certain types of data, which can lead to potential data exposure and modification. Users of affected versions are advised to implement necessary security measures and apply patches to mitigate the risks associated with this vulnerability. For detailed guidance and updates, refer to IBM's official advisory.

Affected Version(s)

Aspera Faspex 5.0.0 <= 5.0.7

References

https://www.ibm.com/support/pages/node/7148632

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/259672

vdb-entry

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024