IBM Aspera Faspex 5
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Aspera Faspex 5.
By the Year
In 2026 there have been 2 vulnerabilities in IBM Aspera Faspex 5 with an average score of 5.4 out of ten. Last year, in 2025 Aspera Faspex 5 had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Aspera Faspex 5 in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.30.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.40 |
| 2025 | 3 | 4.10 |
It may take a day or so for new Aspera Faspex 5 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Aspera Faspex 5 Security Vulnerabilities
IBM Aspera Faspex 5.0.x Web UI XSS Authenticated User Code Exec
CVE-2025-36226
5.4 - Medium
- March 10, 2026
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Aspera Faspex <5.0.14.3 HTTP Header Injection Vulnerability
CVE-2025-36227
5.4 - Medium
- March 10, 2026
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Improper Neutralization of HTTP Headers for Scripting Syntax
IBM Aspera Faspex 5 5.0.0-5.0.14.1 HTML Injection
CVE-2025-36230
5.4 - Medium
- December 26, 2025
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Basic XSS
IBM Aspera Faspex 5 Authenticated Package ID Enumeration (v5.0.0-5.0.14.1)
CVE-2025-36229
3.1 - Low
- December 26, 2025
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
IBM Aspera Faspex 5 5.0.05.0.14.1 UI/API Permission Leak
CVE-2025-36228
3.8 - Low
- December 26, 2025
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
Incorrect Execution-Assigned Permissions
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Aspera Faspex 5 or by IBM? Click the Watch button to subscribe.
