Aspera Console Vulnerability Allows Web Pages to be Stored Locally
CVE-2022-43841

3.3LOW

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 30 May 2024

Summary

A vulnerability exists in IBM Aspera Console versions 3.4.0 to 3.4.2 PL9, enabling local storage of web pages that can potentially be accessed by other users on the same system. This security gap poses a risk to data integrity, as unauthorized users may gain access to sensitive information stored within these web pages. Proper security measures and software updates are essential to mitigate this issue.

Affected Version(s)

Aspera Console 3.4.0 - 3.4.2 PL9

References

https://www.ibm.com/support/pages/node/7155202

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/239078

vdb-entry

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
Oct 26, 2022