Summary IBM Aspera Faspex 5.0.8 has addressed multiple encryption vulnerabilities (CVE-2023-22869, CVE-2023-37396, CVE-2023-27279, CVE-2023-37395, CVE-2023-37397, CVE-2022-40745) Vulnerability Details ** CVEID: CVE-2023-22869 DESCRIPTION: **IBM Aspera Faspex stores potentially sensitive information in log files that could be read by a local user. CVSS Base score: 6.2 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244119 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: CVE-2023-37396 DESCRIPTION: **IBM Aspera Faspex could allow a local user to obtain sensitive information due to improper encryption of certain data. CVSS Base score: 2.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259671 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: CVE-2023-27279 DESCRIPTION: **IBM Aspera Faspex 5 could allow a user to cause a denial of service due to missing API rate limiting. CVSS Base score: 6.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248533 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ** CVEID: CVE-2023-37395 DESCRIPTION: **IBM Aspera Faspex could allow a local user to obtain sensitive information due to improper encryption of certain data. CVSS Base score: 2.9 CVSS Temporal Score: See: …Read More