Ibm Aspera Console vulnerabilities
18 known vulnerabilities affecting ibm/aspera_console.
Total CVEs
18
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM11LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-13212MEDIUMCVSS 4.3≥ 3.3.0, < 3.4.9≥ 3.3.0, ≤ 3.4.82026-03-16
CVE-2025-13212 [MEDIUM] CWE-799 CVE-2025-13212: IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of servic
IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
cvelistv5nvd
CVE-2025-13459MEDIUMCVSS 4.9≥ 3.3.0, < 3.4.9≥ 3.3.0, ≤ 3.4.82026-03-16
CVE-2025-13459 [LOW] CWE-841 CVE-2025-13459: IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service du
IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.
cvelistv5nvd
CVE-2025-13460MEDIUMCVSS 5.3≥ 3.3.0, < 3.4.9≥ 3.3.0, ≤ 3.4.82026-03-16
CVE-2025-13460 [MEDIUM] CWE-204 CVE-2025-13460: IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an obse
IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.
cvelistv5nvd
CVE-2025-13379HIGHCVSS 8.6≥ 3.4.0, ≤ 3.4.82026-02-05
CVE-2025-13379 [HIGH] CWE-89 CVE-2025-13379: IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
cvelistv5nvd
CVE-2025-13925MEDIUMCVSS 4.9v3.4.72026-01-20
CVE-2025-13925 [MEDIUM] CWE-532 CVE-2025-13925: IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
cvelistv5nvd
CVE-2022-43851HIGHCVSS 7.5≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2022-43851 [MEDIUM] CWE-327 CVE-2022-43851: IBM Aspera Console 3.4.0 through 3.4.4
uses weaker than expected cryptographic algorithms that coul
IBM Aspera Console 3.4.0 through 3.4.4
uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
cvelistv5nvd
CVE-2023-27272HIGHCVSS 8.8≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2023-27272 [LOW] CWE-521 CVE-2023-27272: IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the s
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.
cvelistv5nvd
CVE-2022-43847MEDIUMCVSS 5.4≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2022-43847 [MEDIUM] CWE-644 CVE-2022-43847: IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to HTTP header injection, caused by improper
IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
cvelistv5nvd
CVE-2022-43840MEDIUMCVSS 4.3≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2022-43840 [MEDIUM] CWE-643 CVE-2022-43840: IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to an XPath injection vulnerability, which cou
IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
cvelistv5nvd
CVE-2022-43850MEDIUMCVSS 5.4≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2022-43850 [MEDIUM] CWE-79 CVE-2022-43850: IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to cross-site scripting. This vulnerability al
IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2022-43852MEDIUMCVSS 5.3≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42025-04-14
CVE-2022-43852 [MEDIUM] CWE-497 CVE-2022-43852: IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that cou
IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
cvelistv5nvd
CVE-2021-38963HIGHCVSS 8.0≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42024-09-25
CVE-2021-38963 [HIGH] CWE-1236 CVE-2021-38963: IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitr
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
cvelistv5nvd
CVE-2022-43845HIGHCVSS 7.5≥ 3.4.0, < 3.4.5≥ 3.4.0, ≤ 3.4.42024-09-25
CVE-2022-43845 [LOW] CWE-1004 CVE-2022-43845: IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
cvelistv5nvd
CVE-2022-43384MEDIUMCVSS 5.4≥ 3.4.0, ≤ 3.4.2v3.4.22024-05-30
CVE-2022-43384 [MEDIUM] CWE-79 CVE-2022-43384: IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.
cvelistv5nvd
CVE-2022-43575MEDIUMCVSS 5.4≥ 3.4.0, ≤ 3.4.2v3.4.22024-05-30
CVE-2022-43575 [MEDIUM] CWE-79 CVE-2022-43575: IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.
cvelistv5nvd
CVE-2022-43841LOWCVSS 3.3≥ 3.4.0, ≤ 3.4.2v3.4.2+1 more2024-05-30
CVE-2022-43841 [MEDIUM] CWE-525 CVE-2022-43841: IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read b
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.
cvelistv5nvd
CVE-2022-43842CRITICALCVSS 9.1≥ 3.4.0, < 3.4.2v3.4.2+1 more2024-02-23
CVE-2022-43842 [HIGH] CWE-89 CVE-2022-43842: IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.
cvelistv5nvd
CVE-2021-38927MEDIUMCVSS 6.1fixed in 3.4.2v3.4.2+1 more2023-12-25
CVE-2021-38927 [HIGH] CWE-79 CVE-2021-38927: IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to e
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
cvelistv5nvd