CVE-2022-43840 — XPath Injection in IBM Aspera Console

CWE-643 — XPath Injection3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 52.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Aspera Console

Timeline

PublishedApr 14

Description

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/aspera_console3.4.0 — 3.4.4

▶NVDibm/aspera_console3.4.0 — 3.4.4

🔴Vulnerability Details

CVEList

IBM Aspera Console XPath injection↗2025-04-14

▶

GHSA

GHSA-gj57-w9c9-x3x9: IBM Aspera Console 3↗2025-04-14

▶