Cross-Site Scripting Vulnerability in IBM Aspera Web Application
CVE-2020-4731

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Shares
Vendor: CVE Published:; 21 September 2020

Summary

The IBM Aspera Web Application version 1.9.14 PL1 is susceptible to cross-site scripting attacks. This vulnerability enables attackers to inject arbitrary JavaScript code into the web user interface, potentially altering the intended behavior of the application. As a result, authenticated users may unknowingly expose their credentials during a trusted session. It is crucial for users of this application to be aware of this risk and take necessary precautions to protect sensitive information.

Affected Version(s)

Aspera Shares 1.9.14.PL1

References

https://www.ibm.com/support/pages/node/6326929

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/188055

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 21, 2020
Vulnerability Reserved
Dec 30, 2019