Feb 21, 2022 - 1:13 a.m.

Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS

2022-02-21 01:13:01
www.ibm.com

EPSS: 0.001 (Low), Percentile: 29.7%

Summary

A DOM XSS vulnerability in IBM Aspera Shares 1.9.14 Patch Level 1 and earlier could lead to HTML/JS injection and account takeover.

Vulnerability Details

**CVEID:** CVE-2020-4731

**DESCRIPTION:** IBM Aspera Web Application is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVSS Base Score: 6.1

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/188055> for more information

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Aspera Shares | 1.9.14 Patch Level 1 and earlier

Remediation/Fixes

Products | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Aspera Shares | 1.9.14 Patch Level 2 | AS-420 | Download Link

Workarounds and Mitigations

None
