What is the severity of CVE-2023-22862?

CVE-2023-22862 is categorized with a high severity due to the potential for unauthorized interception of authentication credentials.

How do I fix CVE-2023-22862?

To fix CVE-2023-22862, upgrade to versions newer than IBM Aspera Connect and Cargo 4.2.6.

Which versions of IBM Aspera are affected by CVE-2023-22862?

IBM Aspera Connect and Cargo versions 4.2.5 are affected by CVE-2023-22862.

What kind of attack can exploit CVE-2023-22862?

CVE-2023-22862 can be exploited through man-in-the-middle attacks that intercept authentication credentials during transmission.

Is there a workaround for CVE-2023-22862?

There is no known workaround for CVE-2023-22862 besides upgrading to a secure version.

Vulnerability/
CVE-2023-22862

high

7.5

CWE

522 523

4/6/2023

8/1/2025

CVE-2023-22862: IBM Aspera information disclosure

First published: Sun Jun 04 2023(Updated: )

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Aspera Cargo	<4.2.6
IBM Aspera Connect	<4.2.6

Remedy

https://www.ibm.com/support/pages/node/7001053

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-22862?
CVE-2023-22862 is categorized with a high severity due to the potential for unauthorized interception of authentication credentials.
How do I fix CVE-2023-22862?
To fix CVE-2023-22862, upgrade to versions newer than IBM Aspera Connect and Cargo 4.2.6.
Which versions of IBM Aspera are affected by CVE-2023-22862?
IBM Aspera Connect and Cargo versions 4.2.5 are affected by CVE-2023-22862.
What kind of attack can exploit CVE-2023-22862?
CVE-2023-22862 can be exploited through man-in-the-middle attacks that intercept authentication credentials during transmission.
Is there a workaround for CVE-2023-22862?
There is no known workaround for CVE-2023-22862 besides upgrading to a secure version.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/weakness
agent/title
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/ibm
canonical/ibm aspera cargo
canonical/ibm aspera connect

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2023-22862?
CVE-2023-22862 is categorized with a high severity due to the potential for unauthorized interception of authentication credentials.
How do I fix CVE-2023-22862?
To fix CVE-2023-22862, upgrade to versions newer than IBM Aspera Connect and Cargo 4.2.6.
Which versions of IBM Aspera are affected by CVE-2023-22862?
IBM Aspera Connect and Cargo versions 4.2.5 are affected by CVE-2023-22862.
What kind of attack can exploit CVE-2023-22862?
CVE-2023-22862 can be exploited through man-in-the-middle attacks that intercept authentication credentials during transmission.
Is there a workaround for CVE-2023-22862?
There is no known workaround for CVE-2023-22862 besides upgrading to a secure version.