Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43384

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 30 May 2024

Summary

IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 are exposed to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code within the Web UI. This security flaw can lead to unauthorized alteration of application functionality, which raises significant concerns such as potential exposure of user credentials during an active trusted session. Remediation measures are essential to mitigate the risks associated with this vulnerability, safeguarding user data from possible exploitation.

Affected Version(s)

Aspera Console 3.4.0 <= 3.4.2 PL5

References

https://www.ibm.com/support/pages/node/7155215

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238645

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
Oct 17, 2022