HTML Injection Vulnerability in IBM Aspera Shares Product
CVE-2024-38318

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Shares
Vendor: CVE Published:; 5 February 2025

Summary

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to an HTML injection vulnerability. This allows a remote attacker to inject malicious HTML code, which, upon being viewed by a victim, executes within the web browser's security context of the affected site. The risk is significant, as this could lead to unauthorized actions or sensitive data being exposed to the attacker when users interact with crafted content.

Affected Version(s)

Aspera Shares 1.9.0 <= 1.10.0 PL6

References

https://www.ibm.com/support/pages/node/7182490

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jun 13, 2024