Ibm Aspera Faspex
41 CVEs affecting Ibm Aspera Faspex. Latest disclosed: 2025-10-09. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-27874 | Critical | 9.9 | 2023-03-21 | IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit… |
CVE-2022-47986 | Critical | 9.8 | 2023-02-17 | IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw… |
CVE-2023-37400 | High | 7.8 | 2024-04-19 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677. |
CVE-2023-30995 | High | 7.5 | 2023-09-08 | IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP requ… |
CVE-2023-27871 | High | 7.5 | 2023-03-21 | IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IB… |
CVE-2023-27875 | High | 7.5 | 2023-03-16 | IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. |
CVE-2022-22497 | High | 7.5 | 2022-05-24 | IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. |
CVE-2025-33137 | High | 7.1 | 2025-05-22 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another u… |
CVE-2025-33136 | High | 7.1 | 2025-05-22 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another u… |
CVE-2024-45098 | Medium | 6.8 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. |
CVE-2025-36040 | Medium | 6.5 | 2025-07-30 | IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side securit… |
CVE-2025-36039 | Medium | 6.5 | 2025-07-30 | IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side securit… |
CVE-2024-45096 | Medium | 6.5 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. |
CVE-2023-27279 | Medium | 6.5 | 2024-04-19 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. |
CVE-2023-27873 | Medium | 6.5 | 2023-03-21 | IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force… |
CVE-2023-35907 | Medium | 5.9 | 2025-01-29 | IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise u… |
CVE-2023-37398 | Medium | 5.9 | 2025-01-29 | IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise u… |
CVE-2024-45097 | Medium | 5.9 | 2024-09-05 | IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. |
CVE-2022-22401 | Medium | 5.9 | 2023-09-08 | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. |
CVE-2022-22405 | Medium | 5.9 | 2023-09-08 | IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security… |