CVE-2022-22405: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex 5.0.5 contains a security vulnerability (CVE-2022-22405) related to improper implementation of HTTP Strict Transport Security. The vulnerability was disclosed and published on September 8, 2023, affecting IBM Aspera Faspex version 5.0.5 and prior versions. This security issue could potentially expose sensitive information through man-in-the-middle attacks (IBM Security Bulletin).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.9 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The technical breakdown indicates it has Network attack vector, High attack complexity, requires No privileges, needs No user interaction, has Unchanged scope, with High impact on Confidentiality but No impact on Integrity and Availability (NVD).

The vulnerability's primary impact is the potential exposure of sensitive information through man-in-the-middle techniques. Due to the failure to properly enable HTTP Strict Transport Security, attackers could intercept and access sensitive data transmitted between the client and server (IBM Security Bulletin).

IBM has released version 5.0.6 of Aspera Faspex to address this vulnerability along with several others. It is recommended to upgrade to this version as soon as possible. The fix is available for Linux platforms through the official IBM support portal (IBM Security Bulletin).