Aspera Console Security Vulnerabilities and Issues — Aspera Console CVE List

Lucene search

IbmAspera Console

6 matches found

CVE•added 2025/04/14 9:15 p.m.•76 views

CVE-2023-27272

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.

8.8CVSS3.7AI score0.00016EPSS

CVE•added 2025/04/14 9:15 p.m.•70 views

CVE-2022-43847

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

5.4CVSS5.3AI score0.00015EPSS

CVE•added 2025/04/14 9:15 p.m.•67 views

CVE-2022-43840

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

4.3CVSS4.6AI score0.00019EPSS

CVE•added 2025/04/14 9:15 p.m.•67 views

CVE-2022-43850

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00015EPSS

CVE•added 2025/04/14 9:15 p.m.•66 views

CVE-2022-43852

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

5.3CVSS5AI score0.0002EPSS

CVE•added 2025/04/14 9:15 p.m.•60 views

CVE-2022-43851

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS5.6AI score0.00009EPSS