Aspera Shares

aspera_shares

Vendor: Ibm • 17 CVEs

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-66487 1Ibm 1Aspera Shares Apr 3, 2026 Apr 1, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
CVE-2025-66486 1Ibm 1Aspera Shares Apr 3, 2026 Apr 1, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of...Show more IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.Show less
CVE-2025-66485 1Ibm 1Aspera Shares Apr 3, 2026 Apr 1, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable s...Show more IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.Show less
CVE-2025-66484 1Ibm 1Aspera Shares Apr 3, 2026 Apr 1, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...Show more IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2025-66483 1Ibm 1Aspera Shares Apr 6, 2026 Apr 1, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
CVE-2025-13916 1Ibm 1Aspera Shares Apr 6, 2026 Apr 1, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
CVE-2025-0162 1Ibm 1Aspera Shares Mar 13, 2025 Mar 7, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive inf...Show more IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.Show less
CVE-2024-56473 1Ibm 1Aspera Shares Mar 6, 2025 Feb 5, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
CVE-2024-56472 1Ibm 1Aspera Shares Mar 7, 2025 Feb 5, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended function...Show more IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2024-56471 1Ibm 1Aspera Shares Mar 7, 2025 Feb 5, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enum...Show more IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.Show less
CVE-2024-56470 1Ibm 1Aspera Shares Mar 7, 2025 Feb 5, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enum...Show more IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.Show less
CVE-2024-38318 1Ibm 1Aspera Shares Mar 7, 2025 Feb 5, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context...Show more IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.Show less
CVE-2024-38317 1Ibm 1Aspera Shares Mar 7, 2025 Feb 5, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot...Show more IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2024-38316 1Ibm 1Aspera Shares Mar 6, 2025 Feb 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
CVE-2024-38315 1Ibm 1Aspera Shares Sep 20, 2024 Sep 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
CVE-2023-38018 1Ibm 1Aspera Shares Aug 29, 2024 Aug 12, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
CVE-2020-4731 1Ibm 1Aspera Shares Nov 21, 2024 Sep 21, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...Show more IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.Show less