Lucene search
+L
IbmAspera Shares

17 matches found

CVE
CVE
added 2025/03/07 4:38 p.m.79 views

CVE-2025-0162

CVE-2025-0162 affects IBM Aspera Shares 1.9.9–1.10.0 PL7. The issue is an XML External Entity (XXE) injection in XML processing, enabling a remote authenticated attacker to disclose sensitive data or cause memory/resource exhaustion. Root cause: improper handling of external entities in XML. Docu...

7.1CVSS6.6AI score0.00465EPSS
CVE
CVE
added 2024/08/09 4:25 p.m.70 views

CVE-2023-38018

IBM Aspera Shares 1.10.0 PL2 contains a vulnerability where a session is not invalidated after a password change, potentially allowing an authenticated user to impersonate another user. Affected product: IBM Aspera Shares; versions up to and including 1.10.0 PL2. Root cause: improper session hand...

6.3CVSS6.2AI score0.00375EPSS
CVE
CVE
added 2025/02/05 10:30 p.m.70 views

CVE-2024-38316

CVE-2024-38316 affects IBM Aspera Shares 1.9.0–1.10.0 PL6, where an authenticated user’s ability to send emails is not properly rate-limited, potentially enabling email flooding and denial of service. The IBM Security Bulletin describes the vulnerability (CWE-770: Allocation of Resources Without ...

6.5CVSS4.8AI score0.00369EPSS
CVE
CVE
added 2025/02/05 10:58 p.m.70 views

CVE-2024-56472

CVE-2024-56472 affects IBM Aspera Shares Web UI (versions 1.9.0–1.10.0 PL6). Root cause is stored cross-site scripting (XSS) that enables authenticated users to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM’s bulletin indicates remediation...

6.4CVSS5.9AI score0.00215EPSS
CVE
CVE
added 2025/02/05 11:1 p.m.70 views

CVE-2024-56473

CVE-2024-56473 affects IBM Aspera Shares 1.9.0 through 1.10.0 PL6. The root cause is improper verification of the Client-IP header, allowing an attacker to spoof their IP address and have it written to log files. According to the IBM Security Bulletin, remediation is to upgrade to IBM Aspera Shar...

5.3CVSS5.2AI score0.00273EPSS
CVE
CVE
added 2025/02/05 10:49 p.m.69 views

CVE-2024-38318

IBM Aspera Shares 1.9.0–1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject HTML/JavaScript that runs in the victim’s browser within the hosting site’s security context. The multi-CVE IBM bulletin confirms this HTML injection issue (CVE-2024-38318) among other vulnerabiliti...

6.1CVSS5.2AI score0.00258EPSS
CVE
CVE
added 2025/02/05 10:55 p.m.67 views

CVE-2024-56471

IBM Aspera Shares versions 1.9.0–1.10.0 PL6 are affected by a server-side request forgery (SSRF) vulnerability that could allow an authenticated attacker to send unauthorized requests from the affected system, potentially enabling network enumeration or other attacks. The IBM Security Bulletin no...

5.4CVSS5.4AI score0.00207EPSS
CVE
CVE
added 2025/02/05 10:53 p.m.66 views

CVE-2024-56470

IBM Aspera Shares 1.9.0–1.10.0 PL6 is affected by CVE-2024-56470: a server-side request forgery (SSRF) that could allow an authenticated attacker to issue unauthorized requests from the appliance, potentially enabling network enumeration or enabling other moves. The IBM security bulletin confirms...

5.4CVSS5.4AI score0.00207EPSS
CVE
CVE
added 2025/02/05 10:43 p.m.59 views

CVE-2024-38317

CVE-2024-38317 affects IBM Aspera Shares 1.9.0–1.10.0 PL6. A privileged user can embed arbitrary JavaScript in the Web UI, potentially disclosing credentials in a trusted session (XSS). IBM’s bulletin notes remediation: upgrade to 1.10.0 PL7 (Linux/Windows). No exploitation status provided in the...

4.8CVSS4.9AI score0.00214EPSS
CVE
CVE
added 2020/09/21 2:55 p.m.51 views

CVE-2020-4731

CVE-2020-4731 affects IBM Aspera Shares/Web Application 1.9.14 Patch Level 1 and earlier, with a cross-site scripting (XSS) vulnerability that could embed arbitrary JavaScript in the Web UI and potentially disclose credentials in a trusted session. Root cause: XSS in the web UI as described in IB...

6.1CVSS5.8AI score0.0073EPSS
CVE
CVE
added 2024/09/16 3:5 p.m.41 views

CVE-2024-38315

CVE-2024-38315 – IBM Aspera Shares session handling issue : IBM Aspera Shares versions 1.0.0 to 1.10.0 PL2 do not invalidate a user session after a password reset, which could allow an authenticated user to impersonate another user. Root cause: lack of session invalidation post-password reset. Af...

6.5CVSS6.2AI score0.00227EPSS
CVE
CVE
added 2026/04/01 10:59 p.m.23 views

CVE-2025-66484

CVE-2025-66484 affects IBM Aspera Shares 1.9.9–1.11.0. A stored cross-site scripting vulnerability exists in the Web UI due to failure to adequately filter user input, allowing an attacker to embed arbitrary JavaScript and potentially cause credential disclosure within a trusted session. Remediat...

5.5CVSS5.6AI score0.00193EPSS
CVE
CVE
added 2026/04/01 10:56 p.m.16 views

CVE-2025-66483

IBM Aspera Shares versions 1.9.9–1.11.0 are affected by an access control issue where a password reset does not invalidate the existing session, enabling an authenticated user to impersonate another user. The issue is documented across multiple sources (NVD, Red Hat, CNVD, EU ENISA, etc.) with th...

6.5CVSS5.9AI score0.00176EPSS
CVE
CVE
added 2026/04/01 11:1 p.m.15 views

CVE-2025-66485

CVE-2025-66485 affects IBM Aspera Shares 1.9.9–1.11.0. The issue is HTTP header injection caused by improper HOST header validation, enabling attacks such as cross-site scripting, cache poisoning, and session hijacking. Remediation is available in IBM Aspera Shares 1.11.1 for Windows and Linux. T...

5.4CVSS5.9AI score0.002EPSS
CVE
CVE
added 2026/04/01 11:4 p.m.13 views

CVE-2025-66487

CVE-2025-66487 affects IBM Aspera Shares 1.9.9–1.11.0. The root cause is insufficient rate limiting on email sending by an authenticated user, leading to potential email flooding or a denial of service. The Red Hat and IBM advisories confirm the affected product/version range and describe the rem...

6.5CVSS5.9AI score0.00333EPSS
CVE
CVE
added 2026/04/01 8:46 p.m.11 views

CVE-2025-13916

IBM Aspera Shares versions 1.9.9–1.11.0 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used by the service. Public advisories (IBM and CNVD) indicate the vulnerabilit...

7.5CVSS5.9AI score0.00203EPSS
CVE
CVE
added 2026/04/01 11:3 p.m.8 views

CVE-2025-66486

IBM Aspera Shares versions 1.9.9–1.11.0 are vulnerable to HTML injection, enabling a remote attacker to inject HTML that runs in the victim’s browser within the site’s security context. The issue affects IBM Aspera Shares web application components and is addressed by upgrading to version 1.11.1 ...

6.1CVSS5.9AI score0.00241EPSS