Skip to main content

Aspera Console

10 CVEs product

Monthly

CVE-2025-13212 MEDIUM PATCH This Month

IBM Aspera Console versions 3.3.0 through 3.4.8 contain an improper rate-limiting vulnerability in the email service that allows authenticated users to trigger a denial of service condition. An attacker with valid credentials can abuse the email functionality by sending requests at excessive frequencies, exhausting service resources and rendering the email feature unavailable to legitimate users. This vulnerability requires authentication and does not provide confidentiality or integrity impact, resulting in a moderate CVSS score of 5.3.

Denial Of Service IBM Aspera Console
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13460 MEDIUM PATCH This Month

IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable response discrepancies in authentication mechanisms. An unauthenticated remote attacker can exploit this to enumerate valid usernames through response analysis, enabling reconnaissance for subsequent targeted attacks. With a CVSS score of 5.3 and low attack complexity, this is a low-to-moderate severity information disclosure issue suitable for standard patch management cycles rather than emergency response.

IBM Information Disclosure Aspera Console
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13379 HIGH This Week

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. [CVSS 8.6 HIGH]

IBM SQLi Aspera Console
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-13925 MEDIUM This Month

Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).

IBM Aspera Console
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-27272 LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Console
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2022-43852 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-43851 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-43850 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-43847 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-43840 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Aspera Console versions 3.3.0 through 3.4.8 contain an improper rate-limiting vulnerability in the email service that allows authenticated users to trigger a denial of service condition. An attacker with valid credentials can abuse the email functionality by sending requests at excessive frequencies, exhausting service resources and rendering the email feature unavailable to legitimate users. This vulnerability requires authentication and does not provide confidentiality or integrity impact, resulting in a moderate CVSS score of 5.3.

Denial Of Service IBM Aspera Console
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable response discrepancies in authentication mechanisms. An unauthenticated remote attacker can exploit this to enumerate valid usernames through response analysis, enabling reconnaissance for subsequent targeted attacks. With a CVSS score of 5.3 and low attack complexity, this is a low-to-moderate severity information disclosure issue suitable for standard patch management cycles rather than emergency response.

IBM Information Disclosure Aspera Console
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. [CVSS 8.6 HIGH]

IBM SQLi Aspera Console
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).

IBM Aspera Console
NVD
EPSS 0% CVSS 3.1
LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy