Vulnerabilities related to ibm - aspera_shares
CVE-2024-38317 (GCVE-0-2024-38317)
Vulnerability from cvelistv5
Published
2025-02-05 22:43
Modified
2025-02-22 20:55
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38317",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:37.077587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:38.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e1.9.0 through 1.10.0 PL6 \u003c/span\u003e is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T20:55:52.211Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Cross-Site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-38317",
    "datePublished": "2025-02-05T22:43:49.501Z",
    "dateReserved": "2024-06-13T21:43:46.666Z",
    "dateUpdated": "2025-02-22T20:55:52.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38316 (GCVE-0-2024-38316)
Vulnerability from cvelistv5
Published
2025-02-05 22:30
Modified
2025-02-22 20:55
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
References
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:40.127133Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:44.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service."
            }
          ],
          "value": "IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T20:55:15.673Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-38316",
    "datePublished": "2025-02-05T22:30:35.881Z",
    "dateReserved": "2024-06-13T21:43:46.666Z",
    "dateUpdated": "2025-02-22T20:55:15.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56471 (GCVE-0-2024-56471)
Vulnerability from cvelistv5
Published
2025-02-05 22:55
Modified
2025-02-22 22:14
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:28.644734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:15.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  \u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:14:07.088Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Server-Side Request Forgery",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56471",
    "datePublished": "2025-02-05T22:55:49.472Z",
    "dateReserved": "2024-12-26T12:51:26.634Z",
    "dateUpdated": "2025-02-22T22:14:07.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56472 (GCVE-0-2024-56472)
Vulnerability from cvelistv5
Published
2025-02-05 22:58
Modified
2025-02-22 22:14
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:24.904615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:07.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6  is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.   \u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:14:37.136Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Cross-Site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56472",
    "datePublished": "2025-02-05T22:58:39.405Z",
    "dateReserved": "2024-12-26T12:51:26.634Z",
    "dateUpdated": "2025-02-22T22:14:37.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38318 (GCVE-0-2024-38318)
Vulnerability from cvelistv5
Published
2025-02-05 22:49
Modified
2025-02-22 20:56
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:34.268071Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:30.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T20:56:28.409Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares HTML injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-38318",
    "datePublished": "2025-02-05T22:49:18.237Z",
    "dateReserved": "2024-06-13T21:43:46.666Z",
    "dateUpdated": "2025-02-22T20:56:28.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38315 (GCVE-0-2024-38315)
Vulnerability from cvelistv5
Published
2024-09-16 15:05
Modified
2024-09-16 15:16
CWE
  • CWE-613 - Insufficient Session Expiration
Summary
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.0 through 1.10.0 PL3 (inclusive)
    cpe:2.3:a:ibm:aspera_shares:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T15:16:20.484574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T15:16:30.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:aspera_shares:1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL3",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system."
            }
          ],
          "value": "IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T15:05:49.347Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7168379"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294742"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares session fixation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-38315",
    "datePublished": "2024-09-16T15:05:49.347Z",
    "dateReserved": "2024-06-13T21:43:46.666Z",
    "dateUpdated": "2024-09-16T15:16:30.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4731 (GCVE-0-2020-4731)
Vulnerability from cvelistv5
Published
2020-09-21 14:55
Modified
2024-09-17 02:47
CWE
  • Cross-Site Scripting
Summary
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.14.PL1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:57.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6326929"
          },
          {
            "name": "ibm-aspera-cve20204731-xss (188055)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.9.14.PL1"
            }
          ]
        }
      ],
      "datePublic": "2020-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/I:L/PR:N/A:N/AV:N/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-21T14:55:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6326929"
        },
        {
          "name": "ibm-aspera-cve20204731-xss (188055)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-16T00:00:00",
          "ID": "CVE-2020-4731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aspera Shares",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.9.14.PL1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "N",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6326929",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6326929 (Aspera Shares)",
              "url": "https://www.ibm.com/support/pages/node/6326929"
            },
            {
              "name": "ibm-aspera-cve20204731-xss (188055)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4731",
    "datePublished": "2020-09-21T14:55:25.579220Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T02:47:25.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0162 (GCVE-0-2025-0162)
Vulnerability from cvelistv5
Published
2025-03-07 16:38
Modified
2025-09-01 01:08
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Summary
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
References
https://www.ibm.com/support/pages/node/7185096 (vendor-advisory, patch)
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.9 through 1.10.0 PL7 (inclusive)
    cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level7:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:22:39.687238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T17:22:57.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level7:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL7",
              "status": "affected",
              "version": "1.9.9",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "value": "IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T01:08:29.283Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7185096"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares XML external entity injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-0162",
    "datePublished": "2025-03-07T16:38:40.598Z",
    "dateReserved": "2024-12-31T19:09:13.934Z",
    "dateUpdated": "2025-09-01T01:08:29.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56473 (GCVE-0-2024-56473)
Vulnerability from cvelistv5
Published
2025-02-05 23:01
Modified
2025-02-22 22:15
CWE
  • CWE-117 - Improper Output Neutralization for Logs
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
References
https://www.ibm.com/support/pages/node/7182490 (vendor-advisory)
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:04:39.349650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:06:58.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6  could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of \u0027Client-IP\u0027 headers.   \u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of \u0027Client-IP\u0027 headers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "CWE-117",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:15:04.704Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Data Manipulation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56473",
    "datePublished": "2025-02-05T23:01:29.837Z",
    "dateReserved": "2024-12-26T12:51:26.634Z",
    "dateUpdated": "2025-02-22T22:15:04.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56470 (GCVE-0-2024-56470)
Vulnerability from cvelistv5
Published
2025-02-05 22:53
Modified
2025-02-22 22:13
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
https://www.ibm.com/support/pages/node/7182490 (vendor-advisory)
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.9.0 through 1.10.0 PL6 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:03:31.381724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:07:23.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0 PL6",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Aspera Shares\u0026nbsp;1.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. \u003c/p\u003e"
            }
          ],
          "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-22T22:13:38.955Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7182490"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares Server-Side Request Forgery",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56470",
    "datePublished": "2025-02-05T22:53:15.182Z",
    "dateReserved": "2024-12-26T12:51:26.634Z",
    "dateUpdated": "2025-02-22T22:13:38.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38018 (GCVE-0-2023-38018)
Vulnerability from cvelistv5
Published
2024-08-09 16:25
Modified
2024-08-09 21:35
CWE
  • CWE-384 - Session Fixation
Summary
IBM Aspera Shares 1.10.0 PL2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
Impacted products
Vendor Product Version
IBM Aspera Shares Version: 1.10.0 PL2
    cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T21:35:10.534550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T21:35:43.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Aspera Shares",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.0 PL2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  260574."
            }
          ],
          "value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  260574."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384 Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T16:25:10.609Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7164325"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Aspera Shares session fixation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-38018",
    "datePublished": "2024-08-09T16:25:10.609Z",
    "dateReserved": "2023-07-11T17:33:12.813Z",
    "dateUpdated": "2024-08-09T21:35:43.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56473
Vulnerability from fkie_nvd
Published
2025-02-05 23:15
Modified
2025-03-06 21:02
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
Impacted products
Vendor Product Version
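ibm aspera_shares * (from 1.9.0 up to, but excluding, 1.10.0)
ibm aspera_shares 1.10.0 -
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6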



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of \u0027Client-IP\u0027 headers."
    },
    {
      "lang": "es",
      "value": " IBM Aspera Shares 1.9.0 a 1.10.0 PL6 podr\u00eda permitir que un atacante falsifique su direcci\u00f3n IP, que se escribe en archivos de registro, debido a la verificaci\u00f3n incorrecta de los encabezados \u0027Client-IP\u0027."
    }
  ],
  "id": "CVE-2024-56473",
  "lastModified": "2025-03-06T21:02:01.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:10.153",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-117"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-4731
Vulnerability from fkie_nvd
Published
2020-09-21 15:15
Modified
2024-11-21 05:33
Summary
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
Impacted products
Vendor Product Version
ibm aspera_shares * (up to and including 1.9.14)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A615F836-C170-43BF-B0C3-8BA65CE3B640",
              "versionEndIncluding": "1.9.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Web Application versi\u00f3n 1.9.14 PL1, es vulnerable a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 188055"
    }
  ],
  "id": "CVE-2020-4731",
  "lastModified": "2024-11-21T05:33:11.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-21T15:15:13.107",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6326929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6326929"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-38315
Vulnerability from fkie_nvd
Published
2024-09-16 15:15
Modified
2024-09-20 14:09
Summary
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate the session after a password reset, which could allow an authenticated user to impersonate another user on the system.
Impacted products
Vendor Product Version
ibm aspera_shares * (from 1.0.0 up to, but excluding, 1.10.0)
ibm aspera_shares 1.10.0 -
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D532E2-ACB2-41CC-AE4C-3EAAF4763F41",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.0 a 1.10.0 PL3 no invalida la sesi\u00f3n despu\u00e9s de un restablecimiento de contrase\u00f1a, lo que podr\u00eda permitir que un usuario autenticado se haga pasar por otro usuario en el sistema."
    }
  ],
  "id": "CVE-2024-38315",
  "lastModified": "2024-09-20T14:09:24.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-16T15:15:16.087",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294742"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7168379"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2024-38318)
Published
2025-02-05 23:15
Modified
2025-03-07 19:42
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Impacted products
Vendor Product Version
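ibm aspera_shares * (versions 1.9.0 up to, but not including, 1.10.0)
ibm aspera_shares 1.10.0 (no patch level)
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6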



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
    },
    {
      "lang": "es",
      "value": " IBM Aspera Shares 1.9.0 a 1.10.0 PL6 es vulnerable a la inyecci\u00f3n HTML. Un atacante remoto podr\u00eda inyectar un c\u00f3digo HTML malicioso, que cuando se ve, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio de alojamiento."
    }
  ],
  "id": "CVE-2024-38318",
  "lastModified": "2025-03-07T19:42:33.557",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:09.557",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2025-0162)
Published
2025-03-07 17:15
Modified
2025-03-13 02:22
Summary
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Impacted products
Vendor Product Version
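ibm aspera_shares * (versions 1.9.9 up to, but not including, 1.10.0)
ibm aspera_shares 1.10.0 (no patch level)
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6
ibm aspera_shares 1.10.0 patch_level7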



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C166B9E8-FE55-4A53-8DB3-FCC1DA8E3B7C",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level7:*:*:*:*:*:*",
              "matchCriteriaId": "77A66754-8C69-41E9-9189-852CC54BB387",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.9 a 1.10.0 PL7 es vulnerable a un ataque de inyecci\u00f3n de entidad externa (XXE) XML al procesar datos XML. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria."
    }
  ],
  "id": "CVE-2025-0162",
  "lastModified": "2025-03-13T02:22:58.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-07T17:15:21.110",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7185096"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2023-38018)
Published
2024-08-12 13:38
Modified
2024-08-29 14:36
Summary
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
Impacted products
Vendor Product Version
ibm aspera_shares 1.10.0 patch_level2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  260574."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.10.0 PL2 no invalida la sesi\u00f3n despu\u00e9s de un cambio de contrase\u00f1a que podr\u00eda permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 260574."
    }
  ],
  "id": "CVE-2023-38018",
  "lastModified": "2024-08-29T14:36:06.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-12T13:38:10.877",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7164325"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2024-56472)
Published
2025-02-05 23:15
Modified
2025-03-07 19:43
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impacted products
Vendor Product Version
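ibm aspera_shares * (versions 1.9.0 up to, but not including, 1.10.0)
ibm aspera_shares 1.10.0 (no patch level)
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6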



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.0 a 1.10.0 PL6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios autenticados insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2024-56472",
  "lastModified": "2025-03-07T19:43:04.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:10.007",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2024-38316)
Published
2025-02-05 23:15
Modified
2025-03-06 21:05
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Impacted products
Vendor Product Version
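ibm aspera_shares * (versions 1.9.0 up to, but not including, 1.10.0)
ibm aspera_shares 1.10.0 (no patch level)
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6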



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.0 a 1.10.0 PL6 no limita adecuadamente la frecuencia que un usuario autenticado puede enviar correos electr\u00f3nicos, lo que podr\u00eda dar lugar a inundaciones por correo electr\u00f3nico o una negaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2024-38316",
  "lastModified": "2025-03-06T21:05:25.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:08.480",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd (CVE-2024-56471)
Published
2025-02-05 23:15
Modified
2025-03-07 19:42
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Impacted products
Vendor Product Version
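ibm aspera_shares * (versions 1.9.0 up to, but not including, 1.10.0)
ibm aspera_shares 1.10.0 (no patch level)
ibm aspera_shares 1.10.0 patch_level1
ibm aspera_shares 1.10.0 patch_level2
ibm aspera_shares 1.10.0 patch_level3
ibm aspera_shares 1.10.0 patch_level4
ibm aspera_shares 1.10.0 patch_level5
ibm aspera_shares 1.10.0 patch_level6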



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.0 a 1.10.0 PL6 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques."
    }
  ],
  "id": "CVE-2024-56471",
  "lastModified": "2025-03-07T19:42:50.713",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:09.860",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-02-05 23:15
Modified
2025-03-07 19:43
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Impacted products
Vendor Product Version
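ibm aspera_shares * (from 1.9.0 up to, but excluding, 1.10.0)
ibm aspera_shares 1.10.0 (base release, no patch level)
ibm aspera_shares 1.10.0 (patch_level1)
ibm aspera_shares 1.10.0 (patch_level2)
ibm aspera_shares 1.10.0 (patch_level3)
ibm aspera_shares 1.10.0 (patch_level4)
ibm aspera_shares 1.10.0 (patch_level5)
ibm aspera_shares 1.10.0 (patch_level6)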



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.0 a 1.10.0 PL6 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques."
    }
  ],
  "id": "CVE-2024-56470",
  "lastModified": "2025-03-07T19:43:22.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:09.707",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-02-05 23:15
Modified
2025-03-07 19:41
Summary
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering its intended functionality and potentially leading to credential disclosure within a trusted session.
Impacted products
Vendor Product Version
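ibm aspera_shares * (from 1.9.0 up to, but excluding, 1.10.0)
ibm aspera_shares 1.10.0 (base release, no patch level)
ibm aspera_shares 1.10.0 (patch_level1)
ibm aspera_shares 1.10.0 (patch_level2)
ibm aspera_shares 1.10.0 (patch_level3)
ibm aspera_shares 1.10.0 (patch_level4)
ibm aspera_shares 1.10.0 (patch_level5)
ibm aspera_shares 1.10.0 (patch_level6)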



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E811DC53-703B-4AE3-875C-B351B0835777",
              "versionEndExcluding": "1.10.0",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D4EC3F-C3DB-4866-B1FB-CE44E8F67D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:*",
              "matchCriteriaId": "09296CB1-A4C2-4266-B1E6-371A3EE17793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*",
              "matchCriteriaId": "093500E5-B15F-4935-B570-E0550C680004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:*",
              "matchCriteriaId": "CD806ECB-AE0A-4D28-9F19-C7E803CCC81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:*",
              "matchCriteriaId": "AB8148AE-3573-4E5F-BB8F-ADB5D37D3AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:*",
              "matchCriteriaId": "38D10CB8-E290-4B6B-8896-7D52A191B8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:*",
              "matchCriteriaId": "40E92215-7CE0-4709-9FB5-157EE2736161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Aspera Shares\u00a01.9.0 through 1.10.0 PL6  is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Aspera Shares 1.9.0 a 1.10.0 PL6 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a un usuario privilegiado incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable."
    }
  ],
  "id": "CVE-2024-38317",
  "lastModified": "2025-03-07T19:41:32.613",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-05T23:15:09.407",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7182490"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}