CVE-2025-36274
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-12-11
Assigner: IBM Corporation
Description
Description
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | aspera_http_gateway | From 2.0.0 (inc) to 2.3.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Aspera HTTP Gateway versions 2.0.0 through 2.3.1 involves storing sensitive information in clear text within files that are easily accessible. Because these files can be read by an unauthenticated user, sensitive data is exposed without requiring any authentication.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information since an unauthenticated user can access files containing clear text sensitive data. This exposure can result in data breaches and compromise confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70