Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43384

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 30 May 2024

What is CVE-2022-43384?

IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 are exposed to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code within the Web UI. This security flaw can lead to unauthorized alteration of application functionality, which raises significant concerns such as potential exposure of user credentials during an active trusted session. Remediation measures are essential to mitigate the risks associated with this vulnerability, safeguarding user data from possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aspera Console 3.4.0 <= 3.4.2 PL5

References

https://www.ibm.com/support/pages/node/7155215

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238645

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
Oct 17, 2022

JSON

IBM