CVE-2022-43852Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Console

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 52.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Console
Timeline
PublishedApr 14

Description

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/aspera_console3.4.03.4.5
CVEListV5ibm/aspera_console3.4.03.4.4

🔴Vulnerability Details

2
GHSA
GHSA-fg3p-xv26-qc77: IBM Aspera Console 32025-04-14
CVEList
IBM Aspera Console information disclosure2025-04-14
CVE-2022-43852 — IBM Aspera Console vulnerability | cvebase