Server-Side Request Forgery Vulnerability in IBM Aspera Shares
CVE-2024-56470

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Aspera Shares
Vendor
CVE Published:
5 February 2025

Summary

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to a server-side request forgery vulnerability. This issue could allow an authenticated attacker to send unauthorized requests from the server, which may lead to potential network enumeration and could facilitate additional malicious activities. Organizations using these affected versions are advised to take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Aspera Shares 1.9.0 <= 1.10.0 PL6

References

https://www.ibm.com/support/pages/node/7182490
vendor-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.