CVE-2023-24965: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex 5.0.5 contains a security vulnerability (CVE-2023-24965) where the application does not restrict or incorrectly restricts access to a resource from an unauthorized actor (IBM Support). The vulnerability was discovered and disclosed in early 2023, affecting IBM Aspera Faspex version 5.0.5 and prior versions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) by NIST NVD, while IBM assigned it a score of 5.8 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). The vulnerability is related to CWE-668 (Exposure of Resource to Wrong Sphere) (NVD).

The vulnerability could allow unauthorized actors to access resources that should be restricted, potentially leading to information disclosure. The impact is primarily on the confidentiality of the system, with no direct effect on integrity or availability (IBM Support).

IBM has released version 5.0.6 of Aspera Faspex to address this vulnerability along with several others. It is recommended to upgrade to this version as soon as possible. The fix is available for Linux platforms (IBM Support).