
CVE-2025-0162 – IBM Aspera Shares XML external entity injection
https://notcve.org/view.php?id=CVE-2025-0162
07 Mar 2025 — IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7185096 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-56473 – IBM Aspera Shares Data Manipulation
https://notcve.org/view.php?id=CVE-2024-56473
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. • https://www.ibm.com/support/pages/node/7182490 • CWE-117: Improper Output Neutralization for Logs •

CVE-2024-56472 – IBM Aspera Shares Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-56472
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56471 – IBM Aspera Shares Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-56471
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7182490 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-56470 – IBM Aspera Shares Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-56470
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7182490 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-38318 – IBM Aspera Shares HTML injection
https://notcve.org/view.php?id=CVE-2024-38318
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7182490 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-38317 – IBM Aspera Shares Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-38317
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38316 – IBM Aspera Shares Denial of Service
https://notcve.org/view.php?id=CVE-2024-38316
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. • https://www.ibm.com/support/pages/node/7182490 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-38315 – IBM Aspera Shares session fixation
https://notcve.org/view.php?id=CVE-2024-38315
16 Sep 2024 — IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate the session after a password reset, which could allow an authenticated user to impersonate another user on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294742 • CWE-613: Insufficient Session Expiration •

CVE-2020-4731
https://notcve.org/view.php?id=CVE-2020-4731
21 Sep 2020 — IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •