Primary

Context

IBM Aspera Faspex Cross-Domain Policy Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM Aspera Faspex versions 5.0.0 to 5.0.13.1, where the application uses a cross-domain policy file that includes untrusted domains. This permissive policy could potentially allow for security risks by enabling interactions with malicious domains.

Impact

This vulnerability could lead to security issues by allowing untrusted domains to be accessed, potentially facilitating cross-domain attacks or data leakage.

Remediation

Users are advised to upgrade to IBM Aspera Faspex version 5.0.14, available through the IBM Update Catalog.

Added: Oct 9, 2025, 2:22 PM

Updated: Oct 9, 2025, 3:59 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Aspera Faspex Cross-Domain Policy Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM Aspera Faspex

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating