April 15, 2025
Severity
Medium
Analysis Summary
CVE-2023-27272 CVSS:3.1
IBM Aspera Console 3.4.0 up to and including 3.4.4 does not enforce its password-history policy: a previously used password can be set again when a new user logs into the system, so compromised or guessed credentials remain valid longer than the policy intends.
CVE-2022-43851 CVSS:5.9
IBM Aspera Console 3.4.0 up to and including 3.4.4 uses weaker-than-expected cryptographic algorithms. An attacker who obtains the protected data (for example from a captured session or a copied store) could decrypt highly sensitive information.
CVE-2022-43852 CVSS:5.3
IBM Aspera Console 3.4.0 up to and including 3.4.4 discloses sensitive information in HTTP response headers. An unauthenticated remote attacker can read these headers and use the disclosed details to plan further attacks against the system.
CVE-2022-43850 CVSS:5.4
IBM Aspera Console 3.4.0 up to and including 3.4.4 is vulnerable to cross-site scripting (XSS) in its Web UI. A user can embed arbitrary JavaScript in the interface; when another user's browser renders it, the script runs in that user's trusted session, altering the intended functionality and potentially disclosing that user's credentials.
CVE-2022-43840 CVSS:4.3
IBM Aspera Console 3.4.0 up to and including 3.4.4 is vulnerable to XPath injection: user input is placed into an XPath query without proper escaping. An authenticated malicious user could use this to exfiltrate sensitive application data and/or determine the structure of the underlying XML document.
CVE-2022-43847 CVSS:5.4
IBM Aspera Console 3.4.0 up to and including 3.4.4 is vulnerable to HTTP header injection caused by insufficient validation of the HOST header. Because the application trusts the client-supplied HOST value (for example when building absolute URLs), an attacker could leverage this weakness for cross-site scripting, cache poisoning, or session hijacking.
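The root cause named above, trusting the client-supplied Host header, is shown here in an added example that is not Aspera Console code and does not reproduce its implementation: a URL builder that uses the Host header as-is, the hardened form that canonicalises the value and checks it against an allowlist, and the black-box check a tester would run (send a request with a chosen Host, then see where that value reappears in the response). The allowlist, the header dictionary layout, and the sample HTTP response are all constructed for the example.

```python
"""Host header handling: vulnerable vs. hardened URL construction, plus a
response check for Host reflection. Added illustration, not Aspera Console
code; the allowlist, header layout and sample response are constructed."""
import re

# Constructed allowlist: the only hostnames this deployment is served under.
ALLOWED_HOSTS = {"console.example.com"}

# A bare hostname, optionally followed by a numeric port, and nothing else
# (no CR/LF, no '@' userinfo, no path). Anything else is rejected outright.
_HOST_RE = re.compile(r"(?P<name>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(?P<port>\d{1,5}))?")


def reset_link_vulnerable(headers, token):
    """Builds an absolute URL straight from the client-supplied Host header.
    If an attacker triggers a password-reset mail for a victim while sending
    'Host: evil.example', the mailed link carries the token to the attacker."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?token={token}"


def canonical_host(header_value):
    """Lower-case the value, validate its syntax, and drop the default HTTPS
    port. Raises ValueError for anything that is not a plain host[:port]."""
    value = header_value.strip().lower()
    match = _HOST_RE.fullmatch(value)
    if match is None:
        raise ValueError(f"malformed Host header: {header_value!r}")
    name, port = match.group("name"), match.group("port")
    if port is None or port == "443":
        return name
    return f"{name}:{port}"


def reset_link_hardened(headers, token):
    """Same URL, but the host must canonicalise to an allowlisted value.
    X-Forwarded-Host is deliberately not consulted here."""
    host = canonical_host(headers.get("Host", ""))
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"Host not in allowlist: {host}")
    return f"https://{host}/reset?token={token}"


def host_reflected(raw_response, probe_host):
    """Black-box check: after sending a request with 'Host: <probe_host>',
    list where the probe value reappears in the raw HTTP response (the names
    of any headers that contain it, plus 'body' if the body contains it).
    Any hit means the application builds output from the Host header."""
    head, _, body = raw_response.partition("\r\n\r\n")
    hits = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if probe_host in value:
            hits.append(name.strip())
    if probe_host in body:
        hits.append("body")
    return hits


# Constructed sample response from an application that reflects Host
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://evil.example/login\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="https://evil.example/reset?token=abc123">Reset</a>'
)

if __name__ == "__main__":
    print(reset_link_vulnerable({"Host": "evil.example"}, "abc123"))
    print(reset_link_hardened({"Host": "Console.Example.COM:443"}, "abc123"))
    print(host_reflected(SAMPLE_RESPONSE, "evil.example"))
```

When the console sits behind a reverse proxy, the same allowlist belongs at the proxy as well, so that requests with an unexpected Host never reach the application; the `host_reflected` check is then run against the proxied URL to confirm nothing upstream still echoes the value.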
CVE-2024-49825 CVSS:6.3
IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the server-side session when a user logs out. A session identifier captured before logout therefore remains valid afterwards, which could allow an authenticated user to impersonate another user on the system.
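The weakness described above, and the test for it, are shown in an added example that is not IBM Robotic Process Automation code and does not reproduce its session handling: a minimal server-side session table with a logout that only clears the browser cookie next to one that also destroys the server-side entry, and a replay check (log in, capture the session id, log out, replay the id) that reports whether the old session still authenticates. The store, the cookie name and the user name are constructed for the example.

```python
"""Logout that does, and does not, invalidate the server-side session.
Added illustration, not IBM RPA code; the session store, cookie name and
replay check are constructed for the example."""
import secrets
import time


class SessionStore:
    """Minimal server-side session table: session id -> (username, expiry)."""

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}
        self.ttl = ttl_seconds

    def login(self, username):
        # 256-bit random id; the browser receives it in the SESSIONID cookie
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, time.monotonic() + self.ttl)
        return sid

    def user_for(self, sid):
        """Authenticate a request by its session id; None if not valid."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expiry = entry
        if time.monotonic() > expiry:
            del self._sessions[sid]
            return None
        return username

    def logout_vulnerable(self, sid):
        """Only tells the browser to discard the cookie. The server-side entry
        stays valid until the TTL expires, so anyone holding the old id (a
        proxy log, a shared workstation, a stolen cookie) is still
        authenticated as that user."""
        return "Set-Cookie: SESSIONID=; Max-Age=0; Path=/; Secure; HttpOnly"

    def logout_fixed(self, sid):
        """Destroys the server-side entry first, then clears the cookie."""
        self._sessions.pop(sid, None)
        return "Set-Cookie: SESSIONID=; Max-Age=0; Path=/; Secure; HttpOnly"


def session_survives_logout(store, logout):
    """The check to run against a real deployment: log in, capture the
    session id, log out, then replay the captured id against an
    authenticated endpoint. Returns True when the replay is still accepted,
    i.e. the logout did not invalidate the session."""
    sid = store.login("alice")
    assert store.user_for(sid) == "alice"
    logout(store, sid)
    return store.user_for(sid) is not None


if __name__ == "__main__":
    print("vulnerable logout keeps session:", session_survives_logout(SessionStore(), SessionStore.logout_vulnerable))
    print("fixed logout keeps session:     ", session_survives_logout(SessionStore(), SessionStore.logout_fixed))
```

Against a live system the same procedure is done with an HTTP client: record the session cookie issued at login, call the logout endpoint, then resend the recorded cookie to a page that requires authentication; a 200 with user content instead of a redirect to the login page is the finding.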
Impact
- Information Disclosure
- Cross-Site Scripting
- Session Hijacking / User Impersonation
- Cache Poisoning
Indicators of Compromise
CVE
- CVE-2023-27272
- CVE-2022-43851
- CVE-2022-43852
- CVE-2022-43850
- CVE-2022-43840
- CVE-2022-43847
- CVE-2024-49825
Affected Vendors
- IBM
Affected Products
- IBM Aspera Console 3.4.0 through 3.4.4
- IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20
- IBM Robotic Process Automation 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20
Remediation
Upgrade to a fixed release from the IBM website: for IBM Aspera Console, a version later than 3.4.4; for IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak, a version later than 21.0.7.20 on the 21.0 stream or later than 23.0.20 on the 23.0 stream. Confirm the exact fix versions in IBM's security bulletins for each product. Until the upgrade is applied, restrict network access to the Aspera Console Web UI and, where it sits behind a reverse proxy, have the proxy accept only the expected HOST values. After upgrading Robotic Process Automation, terminate all existing sessions so that identifiers issued by the unpatched version cannot be replayed.