Aspera Console Security Vulnerabilities and Issues — Aspera Console CVE List

Lucene search

IbmAspera Console

13 matches found

CVE•added 2024/02/23 7:15 p.m.•80 views

CVE-2022-43842

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.

9.1CVSS8.6AI score0.00034EPSS

CVE•added 2025/04/14 9:15 p.m.•76 views

CVE-2023-27272

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.

8.8CVSS3.7AI score0.00016EPSS

CVE•added 2025/04/14 9:15 p.m.•70 views

CVE-2022-43847

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

5.4CVSS5.3AI score0.00015EPSS

CVE•added 2025/04/14 9:15 p.m.•67 views

CVE-2022-43850

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00015EPSS

CVE•added 2025/04/14 9:15 p.m.•66 views

CVE-2022-43840

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

4.3CVSS4.6AI score0.00019EPSS

CVE•added 2025/04/14 9:15 p.m.•66 views

CVE-2022-43852

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

5.3CVSS5AI score0.0002EPSS

CVE•added 2025/04/14 9:15 p.m.•60 views

CVE-2022-43851

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS5.6AI score0.00009EPSS

CVE•added 2024/05/30 12:15 p.m.•56 views

CVE-2022-43841

IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.

4CVSS3.6AI score0.0003EPSS

CVE•added 2024/05/30 12:15 p.m.•53 views

CVE-2022-43575

IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.

5.4CVSS5.2AI score0.00074EPSS

CVE•added 2024/05/30 12:15 p.m.•50 views

CVE-2022-43384

5.4CVSS4.5AI score0.00074EPSS

CVE•added 2024/09/25 1:15 a.m.•46 views

CVE-2021-38963

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the...

8CVSS8.1AI score0.00146EPSS

CVE•added 2024/09/25 1:15 a.m.•43 views

CVE-2022-43845

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

7.5CVSS4.3AI score0.00076EPSS

CVE•added 2023/12/25 3:15 a.m.•42 views

CVE-2021-38927

IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.

7.2CVSS5.8AI score0.00072EPSS