Vulnerabilities > IBM > Aspera Console

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2021-38963 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability.
network
low complexity
ibm CWE-1236
8.0
2024-09-25 CVE-2022-43845 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
2023-12-25 CVE-2021-38927 Cross-site Scripting vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1