Skip to main content

Aspera Shares

10 CVEs product

Monthly

CVE-2025-0162 HIGH This Week

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Aspera Shares
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-56473 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Shares
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-56472 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-56471 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56470 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-38318 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-38317 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-38316 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Aspera Shares
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-38315 MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-4731 MEDIUM PATCH This Month

IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Shares
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 7.1
HIGH This Week

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Aspera Shares
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Shares
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Shares
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Aspera Shares
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Shares
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy