Skip to main content

Aspera Faspex

23 CVEs product

Monthly

CVE-2025-36227 MEDIUM This Month

Aspera Faspex versions up to 5.0.14.3 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).

IBM XSS Aspera Faspex
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36226 MEDIUM This Month

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Aspera Faspex
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-33138 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-33137 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-33136 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-3423 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-37413 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-37412 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-37398 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35907 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-45098 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-45097 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-45096 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30995 HIGH PATCH This Week

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-24965 MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-35906 HIGH PATCH This Week

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-22870 MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-27874 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-27873 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27871 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27875 HIGH PATCH This Week

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22868 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22497 HIGH PATCH This Week

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

Aspera Faspex versions up to 5.0.14.3 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).

IBM XSS Aspera Faspex
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Aspera Faspex
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Aspera Faspex
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Faspex
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy