Aspera Console vulnerable to Cross-Site Scripting
CVE-2022-43575
5.4MEDIUM
What is CVE-2022-43575?
IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 exhibit a vulnerability allowing cross-site scripting (XSS) attacks. This security flaw enables malicious users to inject arbitrary JavaScript code into the Web UI. Consequently, this could affect the intended functionality of the application and potentially result in the disclosure of user credentials within a trusted session. It is crucial for organizations using affected versions to apply necessary security measures and updates to mitigate this security risk.
Affected Version(s)
Aspera Console 3.4.0 <= 3.4.2 PL5