IBM Aspera Shares

11 matches found

added 2025/02/05 11:15 p.m. | 59 views

CVE-2024-38316

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

CVSS 6.5 | AI score 4.8 | EPSS 0.00132

added 2025/03/07 5:15 p.m. | 58 views

CVE-2025-0162

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS 7.1 | AI score 6.6 | EPSS 0.00218

added 2024/08/12 1:38 p.m. | 54 views

CVE-2023-38018

IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.

CVSS 6.3 | AI score 6.2 | EPSS 0.00047

added 2025/02/05 11:15 p.m. | 53 views

CVE-2024-38318

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS 6.1 | AI score 5.2 | EPSS 0.00034

added 2025/02/05 11:15 p.m. | 50 views

CVE-2024-56470

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS 5.4 | AI score 5.4 | EPSS 0.00042

added 2025/02/05 11:15 p.m. | 50 views

CVE-2024-56473

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.

CVSS 5.3 | AI score 5.2 | EPSS 0.00055

added 2025/02/05 11:15 p.m. | 49 views

CVE-2024-56471

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS 5.4 | AI score 5.4 | EPSS 0.00042

added 2025/02/05 11:15 p.m. | 49 views

CVE-2024-56472

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS 6.4 | AI score 5.9 | EPSS 0.00032

added 2025/02/05 11:15 p.m. | 47 views

CVE-2024-38317

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS 4.8 | AI score 4.9 | EPSS 0.00029

added 2020/09/21 3:15 p.m. | 37 views

CVE-2020-4731

IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.

CVSS 6.1 | AI score 5.8 | EPSS 0.00131

added 2024/09/16 3:15 p.m. | 22 views

CVE-2024-38315

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

CVSS 6.5 | AI score 6.2 | EPSS 0.00056