Jan Van Der Put

**Name of the Vulnerable Software and Affected Versions** IBM Aspera Faspex versions 5.0.0 through 5.0.9 **Description** A user with access to the package can obtain sensitive information through a directory listing. This issue affects users with package access, allowing them to get sensitive details. **Recommendations** For versions 5.0.0 through 5.0.9, consider restricting access to sensitive directories to minimize the risk of exploitation. As a temporary workaround, limit the directory listing functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Aspera Faspex versions 5.0.0 through 5.0.9 **Description** The issue allows a user to bypass intended access restrictions and conduct resource modification. **Recommendations** For IBM Aspera Faspex versions 5.0.0 through 5.0.9, update to a version that includes the fix for this issue to prevent unauthorized access and resource modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Aspera Faspex versions 5.0.0 through 5.0.9 **Description** The issue allows a user to bypass intended access restrictions and conduct resource modification. This flaw enables users to access and modify resources that they should not have access to, potentially leading to unauthorized data modification or other security breaches. **Recommendations** For versions 5.0.0 through 5.0.9, update to version 5.0.10 or later to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 92.0.4515.107 **Description** The issue is related to insufficient policy enforcement in the Installer component of Google Chrome, which can be exploited by a remote attacker to perform local privilege escalation via a crafted file. This can allow the attacker to bypass security restrictions and gain unauthorized access to protected information. **Recommendations** For versions prior to 92.0.4515.107, update to version 92.0.4515.107 or later to resolve the issue. As a temporary workaround, consider restricting access to the Installer component until a patch is applied.