Aspera High Speed Transfer Endpoint
CVE-2022-22391
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.
AnalysisAI
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. Affected products include: Ibm Aspera High-Speed Transfer Endpoint, Ibm Aspera High-Speed Transfer Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attac
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentic
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rat
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an att
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today