CVE-2022-43845

CWE-1004CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
7.5HIGH
EPSS
0.1%
top 75.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Console
Timeline
PublishedSep 25

Description

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDibm/aspera_console3.4.03.4.5
CVEListV5ibm/aspera_console3.4.03.4.4

🔴Vulnerability Details

3
GHSA
GHSA-wpw2-69v8-6f9h: IBM Aspera Console 32024-09-25
CVEList
IBM Aspera Console information disclosure2024-09-24
OSV
ring vulnerabilities2023-10-09

💬Community

1
Bugzilla
CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all]2023-02-27
CVE-2022-43845 (HIGH CVSS 7.5) | IBM Aspera Console 3.4.0 through 3. | cvebase.io