Severity
Medium
Analysis Summary
CVE-2024-56473 CVSS:5.3
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
CVE-2024-56471 CVSS:5.4
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-56470 CVSS:5.4
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2024-56473
CVE-2024-56471
CVE-2024-56470
Affected Vendors
- IBM
Affected Products
- IBM Aspera Shares - 1.9.0
Remediation
Refer to the appropriate IBM Security Advisory for the patch, upgrade, or suggested workaround information.