1.9.14

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ibm

CWE-613

NVD

Published: 2024-09-16

Updated: 2024-09-20

Summary

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Aspera Shares 1.10.0 IBM Aspera Shares 1.9.14	6

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.ibm.com/support/pages/node/7168379
https://exchange.xforce.ibmcloud.com/vulnerabilities/294742