IBM Aspera Faspex IP Whitelist Bypass (4.05.0.5)
CVE-2023-30995 Published on September 8, 2023

IBM Aspera Faspex improper access control
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-30995 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

NONE

Products Associated with CVE-2023-30995

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-30995 are published in IBM Aspera Faspex:

IBM Aspera Faspex

Affected Versions

IBM Aspera Faspex:

Version 5.0, <= 5.0.5 is affected.
Version 4.0, <= 4.4.2 is affected.

ibm aspera_faspex:

Version 5.0, <= 5.05 is affected.
Version 4.0, <= 4.4.2 is affected.

Exploit Probability

EPSS

0.02%

Percentile

3.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM Aspera Faspex IP Whitelist Bypass (4.05.0.5)CVE-2023-30995 Published on September 8, 2023

Vulnerability Analysis

Products Associated with CVE-2023-30995

Affected Versions

Exploit Probability

IBM Aspera Faspex IP Whitelist Bypass (4.05.0.5)
CVE-2023-30995 Published on September 8, 2023