Rewterz Threat Alert – North Korea Linked Konni APT Group – Active IOCs
June 5, 2023Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
June 5, 2023Rewterz Threat Alert – North Korea Linked Konni APT Group – Active IOCs
June 5, 2023Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
June 5, 2023Severity
Medium
Analysis Summary
CVE-2023-27285
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-22862 CVSS:5.9
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Impact
- Buffer Overflow
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-27285
- CVE-2023-22862
Affected Vendors
IBM
Affected Products
- IBM Aspera Connect 4.2.5
- IBM Aspera Cargo 4.2.5
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.