CVE-2023-27875: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex 5.0.4 contains a vulnerability (CVE-2023-27875) that could allow a user to change other user's credentials due to improper access controls. The vulnerability was discovered and disclosed in March 2023, affecting the Aspera Faspex core component running on both Linux and Windows platforms (IBM Security Bulletin).

The vulnerability has been assigned a CVSS Base score of 7.5 HIGH with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The issue stems from improper access controls that allow an unauthenticated user to obtain a token that enables them to change another user's password (IBM Security Bulletin).

An unauthenticated attacker could exploit this vulnerability to change other users' credentials, potentially leading to unauthorized access to user accounts and compromising the system's security (IBM Security Bulletin).

IBM has released a fix for this vulnerability. Users are advised to upgrade to the latest container image with ID 0eb99934c3c2 and tag 5.0.4. No workarounds are available for this vulnerability, making the upgrade the only solution (IBM Security Bulletin).