Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43384
5.4MEDIUM
What is CVE-2022-43384?
IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 are exposed to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code within the Web UI. This security flaw can lead to unauthorized alteration of application functionality, which raises significant concerns such as potential exposure of user credentials during an active trusted session. Remediation measures are essential to mitigate the risks associated with this vulnerability, safeguarding user data from possible exploitation.
Affected Version(s)
Aspera Console 3.4.0 <= 3.4.2 PL5