CVE-2023-27279 : IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of se

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.

Published 2024-04-19 16:39:28

Updated 2024-04-29 19:57:47

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-27279

IBM » Aspera Faspex
Versions from including (>=) 5.0.0 and up to, including, (<=) 5.0.7
cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST	2024-04-29
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	IBM Corporation	2024-04-19
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

Assigned by: psirt@us.ibm.com (Secondary)

https://www.ibm.com/support/pages/node/7148632

Security Bulletin: IBM Aspera Faspex is vulnerable to multiple encryption vulnerabilities.
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/248533

IBM Aspera Faspex denial of service CVE-2023-27279 Vulnerability Report
VDB Entry;Vendor Advisory

Jump to