Every CVE whose affected-product data names Ibm Aspera Console, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2022-43842 — CVSS 8.6 (high): IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2025-13379 — CVSS 8.6 (high): IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2021-38963 — CVSS 8.0 (high): IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV…
CVE-2021-38927 — CVSS 7.2 (high): IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2022-43851 — CVSS 5.9 (medium): IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2022-43850 — CVSS 5.4 (medium): IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-43575 — CVSS 5.4 (medium): IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-43847 — CVSS 5.4 (medium): IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers…
CVE-2022-43852 — CVSS 5.3 (medium): IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against…
CVE-2025-13460 — CVSS 5.3 (medium): IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.
CVE-2025-13212 — CVSS 5.3 (medium): IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper…
CVE-2025-13925 — CVSS 4.9 (medium): IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
CVE-2022-43384 — CVSS 4.6 (medium): IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-43840 — CVSS 4.3 (medium): IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to…
CVE-2022-43841 — CVSS 4.0 (medium): IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM…
CVE-2022-43845 — CVSS 3.7 (low): IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the…
CVE-2023-27272 — CVSS 3.1 (low): IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.
CVE-2025-13459 — CVSS 2.7 (low): IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral…