CVE-2023-27871

Summary

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Faspex4.4.2affected

Weaknesses

  • 208 Information Exposure Through Timing Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References