CVE-2025-0162

Published: Mar 7, 2025Modified: Mar 13, 2025

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Affected (9)

Products: Ibm: Aspera Shares

Ibm

1 product

Aspera Shares

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Aspera Shares	From 1.9.9 to 1.10.0
Ibm Aspera Shares	Version 1.10.0
Ibm Aspera Shares	Version 1.10.0 patch_level1
Ibm Aspera Shares	Version 1.10.0 patch_level2
Ibm Aspera Shares	Version 1.10.0 patch_level3
Ibm Aspera Shares	Version 1.10.0 patch_level4
Ibm Aspera Shares	Version 1.10.0 patch_level5
Ibm Aspera Shares	Version 1.10.0 patch_level6
Ibm Aspera Shares	Version 1.10.0 patch_level7

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (1)

https://www.ibm.com/support/pages/node/7185096

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.