CVE-2024-45098: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex versions 5.0.0 through 5.0.9 contains a security vulnerability that could allow a user to bypass intended access restrictions and conduct resource modification. The vulnerability was disclosed on September 5, 2024, and has been assigned CVE-2024-45098 (NVD, IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, while IBM Corporation assessed it with a score of 6.8 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability is related to CWE-650 (Trusting HTTP Permission Methods on the Server Side) (NVD).

If exploited, this vulnerability could allow an authenticated user to bypass intended access restrictions and perform unauthorized resource modifications. The vulnerability affects both confidentiality and integrity of the system, but does not impact availability (IBM Advisory).

IBM has released version 5.0.10 of Aspera Faspex to address this vulnerability. It is recommended to upgrade to this version as soon as possible. No workarounds are available for this vulnerability (IBM Advisory).