Ibm Aspera Shares vulnerabilities

17 known vulnerabilities affecting ibm/aspera_shares.

Total CVEs
17
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM15

Vulnerabilities

Page 1 of 1
CVE-2025-13916HIGHCVSS 7.5≥ 1.9.9, < 1.11.1≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-13916 [MEDIUM] CWE-327 CVE-2025-13916: IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
cvelistv5nvd
CVE-2025-66484MEDIUMCVSS 5.4≥ 1.9.9, < 1.11.1≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-66484 [MEDIUM] CWE-79 CVE-2025-66484: IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerabil IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2025-66486MEDIUMCVSS 6.1≥ 1.9.9, < 1.11.1≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-66486 [MEDIUM] CWE-80 CVE-2025-66486: IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inje IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
cvelistv5nvd
CVE-2025-66487MEDIUMCVSS 6.5≥ 1.9.9, < 1.11.1≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-66487 [LOW] CWE-770 CVE-2025-66487: IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authentica IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
cvelistv5nvd
CVE-2025-66485MEDIUMCVSS 5.4≥ 1.9.9, < 1.11.1≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-66485 [MEDIUM] CWE-644 CVE-2025-66485: IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper va IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
cvelistv5nvd
CVE-2025-66483MEDIUMCVSS 6.5≥ 1.9.9, ≤ 1.11.02026-04-01
CVE-2025-66483 [MEDIUM] CWE-613 CVE-2025-66483: IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which coul IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
cvelistv5nvd
CVE-2025-0162HIGHCVSS 7.1≥ 1.9.9, < 1.10.0v1.10.0+1 more2025-03-07
CVE-2025-0162 [HIGH] CWE-611 CVE-2025-0162: IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) a IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
cvelistv5nvd
CVE-2024-56470MEDIUMCVSS 5.4≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-56470 [MEDIUM] CWE-918 CVE-2024-56470: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Thi IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
cvelistv5nvd
CVE-2024-56473MEDIUMCVSS 5.3≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-56473 [MEDIUM] CWE-117 CVE-2024-56473: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
cvelistv5nvd
CVE-2024-38317MEDIUMCVSS 4.8≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-38317 [MEDIUM] CWE-79 CVE-2024-38317: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerabilit IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2024-38316MEDIUMCVSS 6.5≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-38316 [MEDIUM] CWE-770 CVE-2024-38316: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authen IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
cvelistv5nvd
CVE-2024-56471MEDIUMCVSS 5.4≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-56471 [MEDIUM] CWE-918 CVE-2024-56471: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Thi IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
cvelistv5nvd
CVE-2024-38318MEDIUMCVSS 6.1≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-38318 [MEDIUM] CWE-80 CVE-2024-38318: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
cvelistv5nvd
CVE-2024-56472MEDIUMCVSS 5.4≥ 1.9.0, < 1.10.0v1.10.0+1 more2025-02-05
CVE-2024-56472 [MEDIUM] CWE-79 CVE-2024-56472: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulne IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2024-38315MEDIUMCVSS 6.5≥ 1.0.0, < 1.10.0v1.10.0+1 more2024-09-16
CVE-2024-38315 [MEDIUM] CWE-613 CVE-2024-38315: IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which co IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
cvelistv5nvd
CVE-2023-38018MEDIUMCVSS 5.4v1.10.0v1.10.0 PL22024-08-12
CVE-2023-38018 [MEDIUM] CWE-384 CVE-2023-38018: IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow a IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
cvelistv5nvd
CVE-2020-4731MEDIUMCVSS 6.1≤ 1.9.14v1.9.14.PL12020-09-21
CVE-2020-4731 [MEDIUM] CWE-79 CVE-2020-4731: IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allo IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
cvelistv5nvd