CVE-2023-37396 — Use of a Broken or Risky Cryptographic Algorithm in IBM Aspera Faspex

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

5.5MEDIUMNVD

CNA2.5

EPSS

0.0%

top 93.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Aspera Faspex

Timeline

PublishedApr 19

Description

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/aspera_faspex5.0.0 — 5.0.8

▶CVEListV5ibm/aspera_faspex5.0.0 — 5.0.7

🔴Vulnerability Details

CVEList

IBM Aspera Faspex information disclosure↗2024-04-19

▶

GHSA

GHSA-xr37-jcv5-cqxv: IBM Aspera Faspex 5↗2024-04-19

▶