Aspera Console
CVE-2022-43847
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Aspera Console 3.4.0 through 3.4.4
is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
AnalysisAI
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-644. IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. Affected products include: Ibm Aspera Console. Version information: through 3.4.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Aspera Console
View allIBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQ
IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker t
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vul
IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in furthe
IBM Aspera Console versions 3.3.0 through 3.4.8 contain an improper rate-limiting vulnerability in the email service tha
IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable respon
Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authentic
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low sev
Share
External POC / Exploit Code
Leaving vuln.today