Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43575

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 30 May 2024

What is CVE-2022-43575?

IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 exhibit a vulnerability allowing cross-site scripting (XSS) attacks. This security flaw enables malicious users to inject arbitrary JavaScript code into the Web UI. Consequently, this could affect the intended functionality of the application and potentially result in the disclosure of user credentials within a trusted session. It is crucial for organizations using affected versions to apply necessary security measures and updates to mitigate this security risk.

Affected Version(s)

Aspera Console 3.4.0 <= 3.4.2 PL5

References

https://www.ibm.com/support/pages/node/7155215

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238680

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
Oct 20, 2022