CVE-2023-22862

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Aspera Connect version 4.2.5 IBM Aspera Cargo version 4.2.5

Description The issue concerns the transmission of authentication credentials using an insecure method, making them susceptible to unauthorized interception and/or retrieval.

Recommendations For IBM Aspera Connect version 4.2.5, consider disabling the transmission of authentication credentials until a secure method is implemented. For IBM Aspera Cargo version 4.2.5, restrict access to sensitive areas where authentication credentials are used to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-523

Related Identifiers

CVE-2023-22862

Affected Products

Ibm Aspera Cargo

Ibm Aspera Connect

CVE-2023-22862

Weakness Enumeration

Related Identifiers

Affected Products

References · 7