IBM Aspera Console
18 CVEs affecting IBM Aspera Console. Latest disclosed: 2026-03-13. Critical: 0, High: 4.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-13379 | High | 8.6 | 2026-02-05 | IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the att… |
| CVE-2022-43842 | High | 8.6 | 2024-02-23 | IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the att… |
| CVE-2021-38963 | High | 8.0 | 2024-09-24 | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerabi… |
| CVE-2021-38927 | High | 7.2 | 2023-12-25 | IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… |
| CVE-2022-43851 | Medium | 5.9 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2022-43850 | Medium | 5.4 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI… |
| CVE-2022-43847 | Medium | 5.4 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow a… |
| CVE-2022-43575 | Medium | 5.4 | 2024-05-30 | IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
| CVE-2025-13212 | Medium | 5.3 | 2026-03-13 | IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interacti… |
| CVE-2025-13460 | Medium | 5.3 | 2026-03-13 | IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy. |
| CVE-2022-43852 | Medium | 5.3 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. |
| CVE-2025-13925 | Medium | 4.9 | 2026-01-20 | IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. |
| CVE-2022-43384 | Medium | 4.6 | 2024-05-30 | IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
| CVE-2022-43840 | Medium | 4.3 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive… |
| CVE-2022-43841 | Medium | 4.0 | 2024-05-30 | IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. |
| CVE-2022-43845 | Low | 3.7 | 2024-09-24 | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote… |
| CVE-2023-27272 | Low | 3.1 | 2025-04-14 | IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. |
| CVE-2025-13459 | Low | 2.7 | 2026-03-13 | IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. |