CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

24 Mar 2023, 19:02

Type Values Removed Values Added
References (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 - (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 - VDB Entry, Vendor Advisory
References (MISC) https://www.ibm.com/support/pages/node/6964694 - (MISC) https://www.ibm.com/support/pages/node/6964694 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_faspex:4.4.2:patch_level_2:*:*:*:*:*:*
CWE CWE-89

21 Mar 2023, 17:00

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-21 15:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-27871

Mitre link : CVE-2023-27871

CVE.ORG link : CVE-2023-27871


JSON object : View

Products Affected

ibm

  • aspera_faspex

linux

  • linux_kernel
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')