IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.3.2 may be vulnerable to the exposure of sensitive information (CVE-2022-22391) by allowing authenticated users to obtain information they should not be able to access.
CVEID:CVE-2022-22391
**DESCRIPTION:**IBM Aspera could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222059 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Aspera High-Speed Transfer Endpoint | 4.3.1 and earlier |
IBM Aspera High-Speed Transfer Server | 4.3.1 and earlier |
The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed Transfer Endpoint V4.0.0.
Product | VRMF |
---|---|
IBM Aspera High-Speed Transfer Server | 4.3.2 |
IBM Aspera High-Speed Transfer Endpoint | 4.3.2 |
None