Pirated Microsoft Office Infiltrates Systems with Variety of Malware – Active IOCs
May 31, 2024Multiple NETGEAR R6850 Vulnerabilities
May 31, 2024Pirated Microsoft Office Infiltrates Systems with Variety of Malware – Active IOCs
May 31, 2024Multiple NETGEAR R6850 Vulnerabilities
May 31, 2024Severity
Medium
Analysis Summary
CVE-2022-43841 CVSS:4
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system.
CVE-2022-43575 CVSS:5.4
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2022-43384 CVSS:4.6
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
- Information Disclosure
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2022-43841
- CVE-2022-43575
- CVE-2022-43384
Affected Vendors
Affected Products
- IBM Aspera Console 3.4.0
- IBM Aspera Console 3.4.2
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.