CVE-2021-38963

CWE-12363 documents3 sources
Severity
8.0HIGH
EPSS
0.4%
top 39.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Console
Timeline
PublishedSep 25

Description

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDibm/aspera_console3.4.03.4.5
CVEListV5ibm/aspera_console3.4.03.4.4

🔴Vulnerability Details

2
GHSA
GHSA-3qcf-857g-5p4x: IBM Aspera Console 32024-09-25
CVEList
IBM Aspera Console CSV injection2024-09-24
CVE-2021-38963 (HIGH CVSS 8) | IBM Aspera Console 3.4.0 through 3. | cvebase.io