4

CVE-2022-43841

IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system.  IBM X-Force ID:  239078.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmAspera Console Version >= 3.4.0 <= 3.4.2
IbmAspera Console Version3.4.2 Updatepatch_level_1
IbmAspera Console Version3.4.2 Updatepatch_level_2
IbmAspera Console Version3.4.2 Updatepatch_level_3
IbmAspera Console Version3.4.2 Updatepatch_level_4
IbmAspera Console Version3.4.2 Updatepatch_level_5
IbmAspera Console Version3.4.2 Updatepatch_level_6
IbmAspera Console Version3.4.2 Updatepatch_level_7
IbmAspera Console Version3.4.2 Updatepatch_level_8
IbmAspera Console Version3.4.2 Updatepatch_level_9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
psirt@us.ibm.com 4 2.5 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.