CVE-2023-22862: 
IBM Aspera Connect vulnerability analysis and mitigation

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 were found to contain a security vulnerability where authentication credentials are transmitted using an insecure method, making them susceptible to unauthorized interception and retrieval. The vulnerability was assigned CVE-2023-22862 and was disclosed on June 4, 2023 (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while IBM Corporation assessed it with a score of 5.9 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-522 (Insufficiently Protected Credentials) and CWE-523 (Unprotected Transport of Credentials) (NVD).

The vulnerability could allow unauthorized parties to intercept and retrieve authentication credentials during transmission, potentially leading to unauthorized access to affected systems (IBM Advisory).

IBM has released version 4.2.6 for both Aspera Connect and Aspera Cargo to address this vulnerability. It is recommended to upgrade to these versions as soon as possible (IBM Advisory).