📦 Aspera Faspex

IBM Aspera Faspex 4.4.2 contains an XML external entity injection (XXE) vulnerability that allows authenticated remote attackers to read arbitrary files and potentially execute commands on the server....

CVE-2022-47986 is a critical YAML deserialization vulnerability in IBM Aspera Faspex that allows remote attackers to execute arbitrary code on affected systems. The flaw exists in an obsolete API call...

IBM Aspera Faspex versions 5.0.0 through 5.0.12 have a client-side security enforcement vulnerability that allows authenticated users to bypass server-side security controls. This enables attackers to...

IBM Aspera Faspex versions 5.0.0 through 5.0.7 have a local privilege escalation vulnerability due to insecure credential storage, allowing a local user to gain elevated privileges. This affects syste...

This vulnerability allows attackers to bypass IP whitelist restrictions in IBM Aspera Faspex by sending specially crafted HTTP requests. Affected organizations using Faspex for file transfers could ha...

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 contain an HTML injection vulnerability that allows attackers to inject malicious HTML code. When victims view the injected content, it executes in ...

IBM Aspera versions 5.0.0 through 5.0.13.1 contain an information disclosure vulnerability where authenticated users can access sensitive system information they shouldn't normally see. This occurs du...

IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 have an overly permissive cross-domain policy file that includes untrusted domains. This could allow attackers to perform cross-domain attacks against...

IBM Aspera Faspex versions 5.0.0 through 5.0.12.1 have a client-side security control bypass vulnerability where authenticated users can perform unauthorized actions. This affects organizations using ...

IBM Aspera Faspex versions 5.0.0 through 5.0.10 do not enforce strong password policies by default, allowing attackers to more easily compromise user accounts through brute-force or credential guessin...

IBM Aspera Faspex versions 5.0.0 through 5.0.10 can leak sensitive username information through observable response discrepancies. This vulnerability allows attackers to enumerate valid usernames, whi...

IBM Aspera Faspex versions 5.0.0 through 5.0.9 contain an access control bypass vulnerability that allows authenticated users to modify resources beyond their intended permissions. This affects organi...

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 have inconsistent permissions between the user interface and backend API, allowing users to access features that appear disabled in the UI. This cou...

This vulnerability in IBM Aspera Faspex 5 allows authenticated users to enumerate sensitive information by discovering package identifiers. It affects organizations using IBM Aspera Faspex 5 versions ...