IBM Aspera Faspex Observable Response Discrepancy Vulnerability Leading to Username Disclosure

Vulnerability

A vulnerability in IBM Aspera Faspex versions 5.0.0 to 5.0.10 could allow the unintentional disclosure of sensitive username information. This issue arises from an observable response discrepancy that could be exploited to infer username details.

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of usernames, potentially allowing for further targeted attacks or account compromises.

Remediation

Users are advised to upgrade to IBM Aspera Faspex version 5.0.11, available through IBM Support Fix Central.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.