cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43845,https://securityvulnerability.io/vulnerability/CVE-2022-43845,Aspera Console Vulnerability: Remote Attacker Could Access Sensitive Information,"A vulnerability has been identified in IBM Aspera Console versions 3.4.0 through 3.4.4 that allows for the potential exposure of sensitive information. This issue arises from a failure to properly configure the HTTPOnly flag on cookies, leaving them accessible to malicious scripts. By exploiting this vulnerability, an attacker can remotely harvest sensitive data stored in the affected cookies, which may include session tokens or personal information. It is critical for users of the affected versions to apply security updates and configure their settings to mitigate the risk of unauthorized access.",IBM,Aspera Console,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2021-38963,https://securityvulnerability.io/vulnerability/CVE-2021-38963,Aspera Console Under Attack: Cavalier CSV Injection Vulnerability,"An issue has been identified in IBM Aspera Console versions 3.4.0 to 3.4.4, which allows remote authenticated attackers to exploit the system through a CSV injection vulnerability. This flaw occurs when a specially crafted file is opened by a victim, enabling an attacker to execute arbitrary code on the impacted system. Proper mitigation measures should be implemented to prevent exploitation and to safeguard system integrity.",IBM,Aspera Console,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2022-43841,https://securityvulnerability.io/vulnerability/CVE-2022-43841,Aspera Console Vulnerability Allows Web Pages to be Stored Locally,"A vulnerability exists in IBM Aspera Console versions 3.4.0 to 3.4.2 PL9, enabling local storage of web pages that can potentially be accessed by other users on the same system. This security gap poses a risk to data integrity, as unauthorized users may gain access to sensitive information stored within these web pages. Proper security measures and software updates are essential to mitigate this issue.",IBM,Aspera Console,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-30T11:45:55.428Z,0
CVE-2022-43575,https://securityvulnerability.io/vulnerability/CVE-2022-43575,Aspera Console vulnerable to Cross-Site Scripting,"IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 exhibit a vulnerability allowing cross-site scripting (XSS) attacks. This security flaw enables malicious users to inject arbitrary JavaScript code into the Web UI. Consequently, this could affect the intended functionality of the application and potentially result in the disclosure of user credentials within a trusted session. It is crucial for organizations using affected versions to apply necessary security measures and updates to mitigate this security risk.",IBM,Aspera Console,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-30T11:38:06.556Z,0
CVE-2022-43384,https://securityvulnerability.io/vulnerability/CVE-2022-43384,Aspera Console vulnerable to Cross-Site Scripting,"IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 are exposed to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code within the Web UI. This security flaw can lead to unauthorized alteration of application functionality, which raises significant concerns such as potential exposure of user credentials during an active trusted session. Remediation measures are essential to mitigate the risks associated with this vulnerability, safeguarding user data from possible exploitation.",IBM,Aspera Console,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-30T11:36:25.042Z,0
CVE-2022-43842,https://securityvulnerability.io/vulnerability/CVE-2022-43842,Aspera Console Vulnerable to SQL Injection,"The vulnerability in IBM Aspera Console versions 3.4.0 through 3.4.2 arises from improper handling of input, allowing a remote attacker to execute arbitrary SQL queries. By sending specially crafted SQL statements, an attacker may gain unauthorized access to the back-end database, leading to potential exposure and manipulation of sensitive data. This vulnerability highlights the importance of input validation and secure coding practices to protect against injection attacks.",IBM,Aspera Console,9.1,CRITICAL,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-02-23T18:47:13.874Z,0
CVE-2021-38927,https://securityvulnerability.io/vulnerability/CVE-2021-38927,IBM Aspera Console cross-site scripting,"IBM Aspera Console 3.4.0 is susceptible to a cross-site scripting vulnerability that permits users to inject arbitrary JavaScript code into the web interface. This malicious code execution can modify the application's intended features, leading to the potential exposure of sensitive credentials during a trusted session. Remediation efforts should be prioritized to ensure the security of user data.",IBM,Aspera Console,7.2,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-25T03:15:00.000Z,0