IBM Aspera Console cross-site scripting
CVE-2021-38927

7.2HIGH

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 25 December 2023

Summary

IBM Aspera Console 3.4.0 is susceptible to a cross-site scripting vulnerability that permits users to inject arbitrary JavaScript code into the web interface. This malicious code execution can modify the application's intended features, leading to the potential exposure of sensitive credentials during a trusted session. Remediation efforts should be prioritized to ensure the security of user data.

Affected Version(s)

Aspera Console 3.4.0

References

https://www.ibm.com/support/pages/node/7101252

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/210322

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 25, 2023
Vulnerability Reserved
Aug 16, 2021