Aspera Console Under Attack: Cavalier CSV Injection Vulnerability
CVE-2021-38963

8HIGH

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 25 September 2024

Summary

An issue has been identified in IBM Aspera Console versions 3.4.0 to 3.4.4, which allows remote authenticated attackers to exploit the system through a CSV injection vulnerability. This flaw occurs when a specially crafted file is opened by a victim, enabling an attacker to execute arbitrary code on the impacted system. Proper mitigation measures should be implemented to prevent exploitation and to safeguard system integrity.

Affected Version(s)

Aspera Console 3.4.0 <= 3.4.4

References

https://www.ibm.com/support/pages/node/7169765

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Aug 16, 2021