Lucene search
HistoryMar 21, 2023 - 3:15 p.m.
CVE-2023-27871
ibm
aspera
faspex
sql injection
vulnerability
remote attacker
sensitive credential information
external user
sql query
x-force
249613
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
47.1%
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.
Affected configurations
Node
ibmaspera_faspexRange≤4.4.2
ORibmaspera_faspexMatch4.4.2patch_level_1
ORibmaspera_faspexMatch4.4.2patch_level_2
linuxlinux_kernelMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aspera_faspex | * | cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:* |
| ibm | aspera_faspex | 4.4.2 | cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:* |
| ibm | aspera_faspex | 4.4.2 | cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2023-03-21 15:15:00
cvelist
cvelist
CVE-2023-27871 IBM Aspera Faspex information disclosure
2023-03-21 14:29:53
cnvd
cnvd
IBM Aspera Faspex SQL Injection Vulnerability
2023-03-23 00:00:00
cve
cve
CVE-2023-27871
2023-03-21 15:15:12
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
47.1%
Related for NVD:CVE-2023-27871