CVE-2023-37401

CWE-9423 documents3 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 91.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 9

Description

IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

▶NVDibm/aspera_faspex5.0.0 — 5.0.14

▶CVEListV5ibm/aspera_faspex5.0.0 — 5.0.13.1

CVEList

IBM Aspera Faspex cross-origin resource sharing↗2025-10-09

▶

GHSA

GHSA-92r7-2x48-7rm2: IBM Aspera Faspex 5↗2025-10-09

▶