History: May 18, 2024 - 12:00 a.m.

Security Bulletin: IBM Aspera Faspex 5.0.7 has addressed a cross-site scripting vulnerability (CVE-2022-40744)

2024-05-18 00:00:49
Source: www.ibm.com
Tags: ibm aspera faspex, cross-site scripting, vulnerability, credentials disclosure, linux, fix

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.1
Confidence: High

EPSS: 0
Percentile: 12.8%

Summary

IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

**CVEID:** CVE-2022-40744
**DESCRIPTION:** IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Aspera Faspex | 5.0.6 and earlier

Remediation/Fixes

It is recommended to apply the fix as soon as possible; see the link below.

Product | Fixing VRM | Platform | Link to Fix
IBM Aspera Faspex | 5.0.7 | Linux | click here

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm aspera_faspex_on_demand, match 3.7
OR ibm aspera_faspex, match 5.0
OR ibm aspera_server_on_demand, match 1.1
OR ibm aspera_faspex, match 1.0
OR ibm aspera_faspex, match 1.0

Vendor | Product | Version | CPE
ibm | aspera_faspex_on_demand | 3.7 | cpe:2.3:a:ibm:aspera_faspex_on_demand:3.7:*:*:*:*:*:*:*
ibm | aspera_faspex | 5.0 | cpe:2.3:a:ibm:aspera_faspex:5.0:*:*:*:*:*:*:*
ibm | aspera_server_on_demand | 1.1 | cpe:2.3:a:ibm:aspera_server_on_demand:1.1:*:*:*:*:*:*:*
ibm | aspera_faspex | 1.0 | cpe:2.3:a:ibm:aspera_faspex:1.0:*:*:*:*:*:*:*
