CVE-2023-37413: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex versions 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy (IBM Support). The vulnerability was assigned CVE-2023-37413 and has a CVSS base score of 5.3, indicating a moderate severity level. The vulnerability is classified under CWE-204: Observable Response Discrepancy.

The vulnerability is characterized by an observable response discrepancy that could lead to the disclosure of sensitive username information. The CVSS vector for this vulnerability is (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and affects only the confidentiality of the system to a low degree (IBM Support).

The vulnerability could result in the disclosure of sensitive username information from the affected IBM Aspera Faspex system. This information disclosure could potentially be used by attackers for reconnaissance or as part of a larger attack campaign (IBM Support).

IBM has released version 5.0.11 to address this vulnerability. It is recommended to upgrade to this version as soon as possible. No workarounds have been identified for this vulnerability (IBM Support).