CVE-2022-22402: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex 5.0.5 was found to contain a cross-site scripting vulnerability (CVE-2022-22402). The vulnerability allows attackers to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed, with low impacts to both confidentiality and integrity, but no impact on availability (NVD).

The vulnerability can alter the intended functionality of the web interface and potentially lead to credentials disclosure within a trusted session. The cross-site scripting vulnerability allows attackers to execute arbitrary JavaScript code in the context of the user's browser (IBM Advisory).

IBM has released version 5.0.6 of Aspera Faspex to address this vulnerability along with several others. It is recommended to upgrade to this version as soon as possible. No workarounds are available for this vulnerability (IBM Advisory).