CVE-2023-37401
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | aspera_faspex | From 5.0.0 (inc) to 5.0.14 (exc) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 involves the use of a cross-domain policy file that includes domains which should not be trusted. This means that the application may allow interactions or data exchanges with untrusted domains, potentially leading to security issues.
How can this vulnerability impact me?
The vulnerability can impact you by allowing untrusted domains to interact with the application, which may lead to limited integrity issues such as unauthorized actions or data manipulation. However, it does not affect confidentiality or availability.