Multiple IBM Aspera Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-22869 CVSS:5.5

IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user.

CVE-2023-37396 CVSS:2.5

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

CVE-2023-37397 CVSS:3.6

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data.

CVE-2023-27279 CVSS:6.5

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting.

CVE-2023-37400 CVSS:7.8

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage.

CVE-2022-40745 CVSS:5.5

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security.

Impact

  • Information Disclosure
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2023-22869
  • CVE-2023-37396
  • CVE-2023-37397
  • CVE-2023-27279
  • CVE-2023-37400
  • CVE-2022-40745

Affected Vendors

IBM

Affected Products

  • IBM Aspera Faspex 5.0.7
  • IBM Aspera Faspex 5.0.0

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information:

  • CVE-2023-22869
  • CVE-2023-37396
  • CVE-2023-37397
  • CVE-2023-27279
  • CVE-2023-37400
  • CVE-2022-40745