Primary

Context

IBM Aspera HSTS for CP4I Authentication Bypass Vulnerability Allowing Unauthorized File Access

Vulnerability

Patched

An authentication bypass vulnerability has been identified in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 through 1.5.19. This vulnerability allows a transfer client to access files in the server's local storage that should be restricted, potentially leading to unauthorized file access.

Impact

Exploitation of this vulnerability could result in unauthorized access to files in the server's local storage.

Remediation

Users can upgrade to IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) version 1.5.20 to address this vulnerability.

Added: May 27, 2026, 6:13 PM

Updated: May 27, 2026, 6:13 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Aspera HSTS for CP4I Authentication Bypass Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Remediation

Affected Products

IBM Aspera HSTS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating