
IBM Aspera Faspex

46 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-36227
>= 5.0.0 and < 5.0.15
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the H
5.4 MEDIUM
CVE-2025-36226
>= 5.0.0 and < 5.0.15
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user
5.4 MEDIUM
CVE-2025-36230
>= 5.0.0 and < 5.0.14.2
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, wh
5.4 MEDIUM
CVE-2025-36229
>= 5.0.0 and < 5.0.14.2
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enume
3.1 LOW
CVE-2025-36228
>= 5.0.0 and < 5.0.14.2
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed u
3.8 LOW
CVE-2025-36225
>= 5.0.0 and < 5.0.14
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an o
4.3 MEDIUM
CVE-2025-36171
>= 5.0.0 and < 5.0.14
IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API
4.9 MEDIUM
CVE-2023-37401
>= 5.0.0 and < 5.0.14
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.
5.3 MEDIUM
CVE-2025-36040
>= 5.0.0 and <= 5.0.12.1
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enfo
6.5 MEDIUM
CVE-2025-36039
>= 5.0.0 and <= 5.0.12.1
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enfo
6.5 MEDIUM
CVE-2025-33138
>= 5.0.0 and < 5.0.12.1
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which
5.4 MEDIUM
CVE-2025-33137
>= 5.0.0 and < 5.0.12.1
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized a
7.1 HIGH
CVE-2025-33136
>= 5.0.0 and < 5.0.12.1
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized a
7.1 HIGH
CVE-2025-3423
>= 5.0.0 and < 5.0.12
IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to e
5.4 MEDIUM
CVE-2023-37413
>= 5.0.0 and <= 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
5.3 MEDIUM
CVE-2023-37412
>= 5.0.0 and <= 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
4.4 MEDIUM
CVE-2023-37398
>= 5.0.0 and <= 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier
5.9 MEDIUM
CVE-2023-35907
>= 5.0.0 and <= 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier
5.9 MEDIUM
CVE-2023-37395
>= 5.0.0 and <= 5.0.7
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certa
2.5 LOW
CVE-2024-45098
>= 5.0.0 and < 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
6.8 MEDIUM
CVE-2024-45097
>= 5.0.0 and < 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
5.9 MEDIUM
CVE-2024-45096
>= 5.0.0 and < 5.0.10
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a dire
6.5 MEDIUM
CVE-2023-37411
>= 5.0.0 and <= 5.0.6
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Ja
4.8 MEDIUM
CVE-2023-37397
>= 5.0.0 and <= 5.0.7
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryptio
3.6 LOW
CVE-2023-27279
>= 5.0.0 and <= 5.0.7
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-For
6.5 MEDIUM
CVE-2022-40745
>= 5.0.0 and <= 5.0.7
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected securit
5.5 MEDIUM
CVE-2023-37396
>= 5.0.0 and < 5.0.8
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certa
2.5 LOW
CVE-2023-22869
>= 5.0.0 and < 5.0.8
IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. I
5.5 MEDIUM
CVE-2023-37400
>= 5.0.0 and < 5.0.8
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. I
7.8 HIGH
CVE-2022-22399
all versions
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST heade
5.4 MEDIUM
CVE-2022-40744
< 5.0.7
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip
4.8 MEDIUM
CVE-2022-22409
<= 5.0.5
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an inse
5.3 MEDIUM
CVE-2022-22402
<= 5.0.5
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code
5.4 MEDIUM
CVE-2022-22401
<= 5.0.5
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-F
5.9 MEDIUM
CVE-2023-30995
<= 5.0.5
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using
7.5 HIGH
CVE-2023-24965
<= 5.0.5
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force I
5.8 MEDIUM
CVE-2022-22405
<= 5.0.5
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HT
5.9 MEDIUM
CVE-2023-35906
<= 5.0.5
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID:
5.3 MEDIUM
CVE-2023-22870
<= 5.0.5
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middl
5.9 MEDIUM
CVE-2023-27874
<= 4.4.2
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenti
9.9 CRITICAL
CVE-2023-27873
<= 4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially cra
6.5 MEDIUM
CVE-2023-27871
<= 4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a spe
7.5 HIGH
CVE-2023-27875
all versions
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 2
7.5 HIGH
CVE-2023-22868
<= 4.4.1
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code
5.4 MEDIUM
CVE-2022-47986
<= 4.4.1
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by
9.8 CRITICAL
CVE-2022-22497
all versions
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 2
7.5 HIGH