Every CVE whose affected-product data names Ibm Aspera Faspex, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2023-27874 — CVSS 9.9 (critical): IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated…
CVE-2023-37400 — CVSS 7.8 (high): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force…
CVE-2022-22497 — CVSS 7.5 (high): IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.
CVE-2023-27871 — CVSS 7.5 (high): IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially…
CVE-2023-27875 — CVSS 7.5 (high): IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-30995 — CVSS 7.5 (high): IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a…
CVE-2025-33137 — CVSS 7.1 (high): IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…
CVE-2025-33136 — CVSS 7.1 (high): IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…
CVE-2024-45098 — CVSS 6.8 (medium): IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
CVE-2024-45096 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory…
CVE-2023-27873 — CVSS 6.5 (medium): IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML…
CVE-2025-36039 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement…
CVE-2023-27279 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID…
CVE-2025-36040 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement…
CVE-2023-37398 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2022-22405 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict…
CVE-2022-22401 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID…
CVE-2023-22870 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle…
CVE-2023-35907 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2024-45097 — CVSS 5.9 (medium): IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
CVE-2023-24965 — CVSS 5.8 (medium): IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
CVE-2023-22869 — CVSS 5.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force…
CVE-2022-40745 — CVSS 5.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM…
CVE-2025-33138 — CVSS 5.4 (medium): IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when…
CVE-2022-22402 — CVSS 5.4 (medium): IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2023-22868 — CVSS 5.4 (medium): IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2022-22399 — CVSS 5.4 (medium): IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This…
CVE-2025-3423 — CVSS 5.4 (medium): IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2025-36226 — CVSS 5.4 (medium): IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2025-36227 — CVSS 5.4 (medium): IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2025-36230 — CVSS 5.4 (medium): IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when…
CVE-2023-37401 — CVSS 5.3 (medium): IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
CVE-2022-22409 — CVSS 5.3 (medium): IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure…
CVE-2023-35906 — CVSS 5.3 (medium): IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
CVE-2023-37413 — CVSS 5.3 (medium): IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
CVE-2025-36171 — CVSS 4.9 (medium): IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due…
CVE-2023-37411 — CVSS 4.8 (medium): IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-40744 — CVSS 4.8 (medium): IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2023-37412 — CVSS 4.4 (medium): IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
CVE-2025-36225 — CVSS 4.3 (medium): IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable…
CVE-2025-36228 — CVSS 3.8 (low): IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to…
CVE-2023-37397 — CVSS 3.6 (low): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of…
CVE-2025-36229 — CVSS 3.1 (low): IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating…
CVE-2023-37395 — CVSS 2.5 (low): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
CVE-2023-37396 — CVSS 2.5 (low): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data…