3.4.2

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ibm

critical

NVD

Published: 2024-02-23

Updated: 2024-12-31

Summary

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Aspera Console 3.4.0 IBM Aspera Console 3.4.1 IBM Aspera Console 3.4.2	9
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/239079
https://exchange.xforce.ibmcloud.com/vulnerabilities/239079
https://www.ibm.com/support/pages/node/7122632
https://www.ibm.com/support/pages/node/7122632