Aspera Console Vulnerable to SQL Injection
CVE-2022-43842

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Aspera Console
Vendor: CVE Published:; 23 February 2024

What is CVE-2022-43842?

The vulnerability in IBM Aspera Console versions 3.4.0 through 3.4.2 arises from improper handling of input, allowing a remote attacker to execute arbitrary SQL queries. By sending specially crafted SQL statements, an attacker may gain unauthorized access to the back-end database, leading to potential exposure and manipulation of sensitive data. This vulnerability highlights the importance of input validation and secure coding practices to protect against injection attacks.

Affected Version(s)

Aspera Console 3.4.0 <= 3.4.2

References

https://www.ibm.com/support/pages/node/7122632

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/239079

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
Oct 26, 2022