IBM Aspera Faspex <=5.0.10 Priv Escal via Improper ACL
CVE-2023-37412 Published on January 29, 2025

IBM Aspera Faspex improper access control
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.

NVD

Vulnerability Analysis

CVE-2023-37412 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Products Associated with CVE-2023-37412

Want to know whenever a new CVE is published for IBM Aspera Faspex? stack.watch will email you.

IBM Aspera Faspex

Affected Versions

IBM Aspera Faspex:

Version 5.0.0, <= 5.0.10 is affected.

Exploit Probability

EPSS

0.05%

Percentile

16.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM Aspera Faspex <=5.0.10 Priv Escal via Improper ACLCVE-2023-37412 Published on January 29, 2025

Vulnerability Analysis

Weakness Type

Execution with Unnecessary Privileges

Products Associated with CVE-2023-37412

Affected Versions

Exploit Probability

IBM Aspera Faspex <=5.0.10 Priv Escal via Improper ACL
CVE-2023-37412 Published on January 29, 2025