Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-40744
CVE-2022-40744:
IBM Aspera Faspex vulnerability analysis and mitigation
Overview
IBM Aspera Faspex 5.0.6 was identified with a stored cross-site scripting vulnerability (CVE-2022-40744). The vulnerability was disclosed on February 1, 2024, affecting IBM Aspera Faspex versions up to 5.0.6 (NVD, IBM Advisory).
Technical details
The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, which can alter the intended functionality of the application. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).
Impact
The primary impact of this vulnerability is the potential disclosure of credentials within a trusted session. The vulnerability affects both confidentiality and integrity at a low level, while having no direct impact on availability (IBM Advisory).
Mitigation and workarounds
IBM has released version 5.0.7 as a fix for this vulnerability. It is recommended to upgrade to this version as soon as possible. No temporary workarounds have been identified (IBM Advisory).
Additional resources
Source: This report was generated using AI
Related IBM Aspera Faspex vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management