CVE-2023-37413

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 29, 2025

CWE ID 204

Summary

CVE-2023-37413 is a vulnerability impacting IBM Aspera Faspex versions 5.0.0 to 5.0.10. This issue arises due to a discrepancy in response observations, resulting in the unintended disclosure of sensitive username information. An attacker can potentially exploit this vulnerability by analyzing the observable differences in responses from the targeted system. Organizations must update their Aspera Faspex installations to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Aspera Faspex

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r4xCAs
https://www.cve.org/CVERecord?id=CVE-2023-37413
https://nvd.nist.gov/vuln/detail/CVE-2023-37413

Back to Vulnerability Database