Lucene search

[email protected]NVD:CVE-2023-30995

HistorySep 08, 2023 - 9:15 p.m.

CVE-2023-30995

2023-09-0821:15:45

CWE-863

[email protected]

web.nvd.nist.gov

ibm

aspera

faspex

ip whitelist

bypass

http request

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.

Affected configurations

Nvd

Node

ibmaspera_faspexRange≤5.0.5

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
ibmaspera_faspex*cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aspera_faspex	*	cpe:2.3:a:ibm:aspera_faspex::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/254268

www.ibm.com/support/pages/node/7029681

www.ibm.com/support/pages/node/7048851

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

Related for NVD:CVE-2023-30995

cve1 prion1 ibm2 cvelist1