Vulnerabilities > IBM > Aspera Console
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
| 2024-09-25 | CVE-2022-43845 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
| 2024-05-30 | CVE-2022-43384 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. | 5.4 |
| 2024-05-30 | CVE-2022-43575 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. | 5.4 |
| 2024-05-30 | CVE-2022-43841 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2024-02-23 | CVE-2022-43842 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. | 9.1 |
| 2023-12-25 | CVE-2021-38927 | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. | 6.1 |