Lucene search
IBMCFAB6F91026AC952EDF0039AE7CD021A7113943A998A9F519DC1E71B23415261HistorySep 28, 2021 - 8:18 p.m.
Security Bulletin: IBM Aspera on Cloud was vulnerable to a cross-site scripting vulnerability (CVE-2021-38870)
2021-09-2820:18:43
www.ibm.com
6
0.001 Low
EPSS
Percentile
19.5%
Summary
IBM Aspera on Cloud was fixed to address the below cross-site scripting vulnerability.
Vulnerability Details
CVEID:CVE-2021-38870
**DESCRIPTION:**IBM Aspera is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208343 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
Affected Products and Versions
Affected Product(s)
Aspera on Cloud
Remediation/Fixes
Affected Product(s)
Aspera on Cloud
- There is no action required by the customer as the fixed was deployed to the SaaS environment.
Workarounds and Mitigations
None
Related
cve
cve
CVE-2021-38870
2021-09-23 18:15:11
cnvd
cnvd
IBM Aspera Cross-Site Scripting Vulnerability
2021-09-27 00:00:00
nvd
nvd
CVE-2021-38870
2021-09-23 18:15:11
cvelist
cvelist
CVE-2021-38870
2021-09-22 00:00:00
prion
prion
Cross site scripting
2021-09-23 18:15:00
0.001 Low
EPSS
Percentile
19.5%
Related for CFAB6F91026AC952EDF0039AE7CD021A7113943A998A9F519DC1E71B23415261