Ibm

Aspera Console

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-43850

  • EPSS 0.03%
  • Published 14.04.2025 20:44:59
  • Last modified 17.07.2025 18:58:04

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

4.3

CVE-2022-43840

  • EPSS 0.03%
  • Published 14.04.2025 20:43:28
  • Last modified 24.07.2025 18:15:24

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

7.5

CVE-2022-43851

  • EPSS 0.02%
  • Published 14.04.2025 20:39:56
  • Last modified 17.07.2025 18:56:28

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

8.8

CVE-2023-27272

  • EPSS 0.03%
  • Published 14.04.2025 20:38:20
  • Last modified 17.07.2025 18:51:51

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.

5.3

CVE-2022-43852

  • EPSS 0.04%
  • Published 14.04.2025 20:33:58
  • Last modified 17.07.2025 18:53:41

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

5.4

CVE-2022-43847

  • EPSS 0.03%
  • Published 14.04.2025 20:22:01
  • Last modified 17.07.2025 19:01:27

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site s...

7.5

CVE-2022-43845

  • EPSS 0.12%
  • Published 25.09.2024 01:15:32
  • Last modified 30.09.2024 15:53:01

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

8

CVE-2021-38963

  • EPSS 0.22%
  • Published 25.09.2024 01:15:26
  • Last modified 30.09.2024 15:48:54

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit th...

3.3

CVE-2022-43841

  • EPSS 0.03%
  • Published 30.05.2024 12:15:10
  • Last modified 08.01.2025 17:13:14

IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.

5.4

CVE-2022-43384

  • EPSS 0.07%
  • Published 30.05.2024 12:15:09
  • Last modified 08.01.2025 17:25:10

IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...