CVE-2023-27875 — Improper Access Control in IBM Aspera Faspex

Severity

7.5HIGHNVD

EPSS

0.2%

top 64.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 16

Description

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

CVEList

IBM Aspera Faspex improper access controls↗2023-03-16

▶

GHSA

GHSA-wf5x-pg8m-g5v4: IBM Aspera Faspex 5↗2023-03-16

▶