cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38315,https://securityvulnerability.io/vulnerability/CVE-2024-38315,Session Management Flaw in IBM Aspera Shares by IBM,"IBM Aspera Shares versions 1.0 through 1.10.0 PL3 contain a session management vulnerability that fails to invalidate active sessions after a password reset. This flaw permits an authenticated user to potentially impersonate another user, leading to unauthorized actions within the system. Proper session invalidation protocols are crucial to prevent such impersonation and safeguard user data.",IBM,Aspera Shares,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-16T15:15:00.000Z,0
CVE-2023-38018,https://securityvulnerability.io/vulnerability/CVE-2023-38018,Potential Password Impersonation Vulnerability in IBM Aspera Shares 1.10.0 PL2,"IBM Aspera Shares 1.10.0 PL2 contains a session management flaw that fails to invalidate user sessions when a password change occurs. This vulnerability could be exploited by an authenticated user to impersonate another user on the system, potentially leading to unauthorized access to sensitive information and operations. The lack of appropriate session invalidation represents a significant security risk, as it undermines the integrity of user authentication processes. Organizations using affected versions are advised to apply available security updates to mitigate this risk.",IBM,Aspera Shares,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2020-4731,https://securityvulnerability.io/vulnerability/CVE-2020-4731,,IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.,IBM,Aspera Shares,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-09-21T15:15:00.000Z,0
CVE-2020-4436,https://securityvulnerability.io/vulnerability/CVE-2020-4436,,"Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.",IBM,"Aspera Faspex On Demand,Aspera High-speed Transfer Server For Cloud Pak For Integration (cp4i),Aspera High-speed Transfer Endpoint,Aspera Streaming,Aspera Server On Demand,Aspera Shares On Demand,Aspera Application Platform On Demand,Aspera Transfer Cluster Manager,Aspera High-speed Transfer Server,Aspera Proxy Server",8.8,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2020-06-10T13:15:00.000Z,0
CVE-2020-4432,https://securityvulnerability.io/vulnerability/CVE-2020-4432,,"Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.",IBM,"Aspera Streaming,Aspera High-speed Transfer Endpoint,Aspera High-speed Transfer Server For Cloud Pak For Integration (cp4i),Aspera Server On Demand,Aspera Faspex On Demand,Aspera Proxy Server,Aspera Application Platform On Demand,Aspera Shares On Demand,Aspera High-speed Transfer Server,Aspera Transfer Cluster Manager",7.5,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-06-10T13:15:00.000Z,0
CVE-2020-4434,https://securityvulnerability.io/vulnerability/CVE-2020-4434,,"Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.",IBM,"Aspera Shares On Demand,Aspera Application Platform On Demand,Aspera Transfer Cluster Manager,Aspera High-speed Transfer Server,Aspera Proxy Server,Aspera Faspex On Demand,Aspera High-speed Transfer Server For Cloud Pak For Integration (cp4i),Aspera High-speed Transfer Endpoint,Aspera Streaming,Aspera Server On Demand",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2020-06-10T13:15:00.000Z,0
CVE-2020-4435,https://securityvulnerability.io/vulnerability/CVE-2020-4435,,"Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.",IBM,"Aspera Transfer Cluster Manager,Aspera High-speed Transfer Server,Aspera Shares On Demand,Aspera Application Platform On Demand,Aspera Proxy Server,Aspera Faspex On Demand,Aspera Server On Demand,Aspera High-speed Transfer Server For Cloud Pak For Integration (cp4i),Aspera Streaming,Aspera High-speed Transfer Endpoint",7.5,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2020-06-10T13:15:00.000Z,0
CVE-2020-4433,https://securityvulnerability.io/vulnerability/CVE-2020-4433,,"Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.",IBM,"Aspera Faspex On Demand,Aspera Server On Demand,Aspera High-speed Transfer Server For Cloud Pak For Integration (cp4i),Aspera High-speed Transfer Endpoint,Aspera Streaming,Aspera Transfer Cluster Manager,Aspera High-speed Transfer Server,Aspera Shares On Demand,Aspera Application Platform On Demand,Aspera Proxy Server",7.5,HIGH,0.014390000142157078,false,,false,false,false,,,false,false,,2020-06-10T13:15:00.000Z,0