Vulnerabilities > IBM > Aspera Shares

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-38315 Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
6.5
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
5.4
2020-09-21 CVE-2020-4731 Cross-site Scripting vulnerability in IBM Aspera Shares 1.9.14
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1