CVE-2021-38963 – IBM Aspera Console CSV injection
https://notcve.org/view.php?id=CVE-2021-38963
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7169765 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-43845 – IBM Aspera Console information disclosure
https://notcve.org/view.php?id=CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://www.ibm.com/support/pages/node/7169766 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVE-2022-43575 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43575
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238680 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43384 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43384
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238645 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43842 – IBM Aspera Console SQL injection
https://notcve.org/view.php?id=CVE-2022-43842
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079. IBM Aspera Console 3.4.0 a 3.4.2 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente diseñadas, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 https://www.ibm.com/support/pages/node/7122632 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •