Aspera Faspex Vulnerability: Local User Access to Sensitive Data
CVE-2023-37397

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Faspex
Vendor: CVE Published:; 19 April 2024

What is CVE-2023-37397?

IBM Aspera Faspex versions 5.0.0 through 5.0.7 are susceptible to a vulnerability that permits local users to gain unauthorized access to sensitive information. This issue arises from the improper encryption of certain types of data, which can lead to potential data exposure and modification. Users of affected versions are advised to implement necessary security measures and apply patches to mitigate the risks associated with this vulnerability. For detailed guidance and updates, refer to IBM's official advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aspera Faspex 5.0.0 <= 5.0.7

References

https://www.ibm.com/support/pages/node/7148632

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/259672

vdb-entry

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024

JSON

IBM