108 matches found
Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier
Question Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar
Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
Question Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression PCRE libraries used in IBM Aspera Shares Application "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier
Question Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression PCRE library used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier
Question Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.3 Vulnerability Details CVEID:CVE-2026-42245 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4,...
IBM Aspera Shares Input Validation Error Vulnerability (CNVD-2026-16874)
IBM Aspera Shares is a Web application from International Business Machines IBM. An input validation error vulnerability exists in IBM Aspera Shares. The vulnerability stems from improper input validation of the HOST header and can be exploited by an attacker to cause cross-site scripting, cache...
IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)
IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...
CVE-2025-66484
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-66483
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...
CVE-2025-66486
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-13916
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-66485
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2025-66487 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...
CVE-2025-66487
CVE-2025-66487 affects IBM Aspera Shares 1.9.9–1.11.0. The root cause is insufficient rate limiting on email sending by an authenticated user, leading to potential email flooding or a denial of service. The Red Hat and IBM advisories confirm the affected product/version range and describe the rem...
CVE-2025-66487
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...
CVE-2025-66486
IBM Aspera Shares versions 1.9.9–1.11.0 are vulnerable to HTML injection, enabling a remote attacker to inject HTML that runs in the victim’s browser within the site’s security context. The issue affects IBM Aspera Shares web application components and is addressed by upgrading to version 1.11.1 ...
CVE-2025-66486 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-66485 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2025-66485 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...