Primary

Context

IBM Aspera Faspex Client-Side Security Vulnerability Allowing Unauthorized Actions or Information Disclosure

Vulnerability

Patched

A vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12, allowing authenticated users to access sensitive information or execute unauthorized actions on behalf of other users. This issue arises from client-side enforcement of server-side security, leading to improper protection of data.

Impact

Exploitation of this vulnerability could result in unauthorized actions being performed on behalf of another user or sensitive information being disclosed to an authenticated user.

Remediation

Users are advised to upgrade to version 5.0.12.1, available from the IBM Container Registry. Instructions for upgrading can be found in the IBM Aspera Faspex documentation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Aspera Faspex Client-Side Security Vulnerability Allowing Unauthorized Actions or Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

IBM Aspera Faspex

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating