Lucene search
IbmCVE-2023-38018HistoryAug 12, 2024 - 1:38 p.m.
CVE-2023-38018
2024-08-1213:38:10
CWE-384
ibm
web.nvd.nist.gov
32
ibm
aspera
shares
session fixation
vulnerability
password change
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.2
Confidence
High
EPSS
0
Percentile
14.7%
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
Affected configurations
Node
ibmaspera_sharesMatch1.10.0patch_level2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aspera_shares | 1.10.0 | cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:* |
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.10.0 PL2"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2023-38018 IBM Aspera Shares session fixation
2024-08-09 16:25:10
cvelist
cvelist
CVE-2023-38018 IBM Aspera Shares session fixation
2024-08-09 16:25:10
ibm
ibm
nvd
nvd
CVE-2023-38018
2024-08-12 13:38:10
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.2
Confidence
High
EPSS
0
Percentile
14.7%
Related for CVE-2023-38018