CVE-2023-37398

CWE-5213 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 63.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Faspex
Timeline
PublishedJan 29

Description

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/aspera_faspex5.0.05.0.10
NVDibm/aspera_faspex5.0.05.0.10

🔴Vulnerability Details

2
GHSA
GHSA-vf25-w4jq-mhx2: IBM Aspera Faspex 52025-01-29
CVEList
IBM Aspera Faspex information disclosure2025-01-29
CVE-2023-37398 (CRITICAL CVSS 9.8) | IBM Aspera Faspex 5.0.0 through 5.0 | cvebase.io