exploitDog

CVE-2022-22405

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/222576
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7029681
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/222576
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7029681
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*

Версия до 5.0.5 (включая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-311

CWE-311

Связанные уязвимости

GHSA-qx6q-qj4h-vgrq

CVSS3: 5.9

github

больше 2 лет назад

IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.

EPSS

Процентиль: 3%

0.00016

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-311

CWE-311