Vulnerabilities > IBM > Aspera Shares > 1.10.0

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2025-0162 XXE vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2025-02-05 CVE-2024-38316 Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
network
low complexity
ibm
6.5
2025-02-05 CVE-2024-38318 Cross-site Scripting vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
2025-02-05 CVE-2024-56472 Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
2024-09-16 CVE-2024-38315 Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4