Multiple vulnerabilities in IBM Aspera Console
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2024-38472 CVE-2024-40898 CVE-2024-38473 CVE-2015-4000 CVE-2024-38476 CVE-2024-36387 CVE-2023-27272 CVE-2018-25032 CVE-2024-39573 CVE-2022-43851 CVE-2022-43840 CVE-2022-43850 CVE-2024-39884 CVE-2024-40725 CVE-2022-43852 CVE-2022-43847 CVE-2022-43845 |
| CWE-ID | CWE-918 CWE-20 CWE-300 CWE-476 CWE-262 CWE-119 CWE-327 CWE-643 CWE-79 CWE-200 CWE-644 CWE-1004 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #14 is available. |
| Vulnerable software Subscribe |
IBM Aspera Console Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU93539
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-38472
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the web server to leak NTLM hashes.
Note, the vulnerability affects Windows installations only.
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU94503
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-40898
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HTTP Server on Windows with mod_rewrite in server/vhost context. A remote attacker can force the web server to leak NTML hashes to a malicious server via SSRF and malicious requests.
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Input validation error
EUVDB-ID: #VU93540
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-38473
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to insufficient validation of user-supplied input when handling incorrect encoding in mod_proxy. A remote attacker can force the web server to pass request URLs with incorrect encoding to backend services.
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Man-in-the-middle attack
EUVDB-ID: #VU86
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C]
CVE-ID: CVE-2015-4000
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to decrypt TLS connections in certain situations.
The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
5) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU93543
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38476
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker with control over the backend server can run local handlers via internal redirect and gain access to sensitive information or compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU93538
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36387
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling websocket over HTTP/2 connections. A remote attacker can send specially crafted data to the web server and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Not Using Password Aging
EUVDB-ID: #VU98043
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27272
CWE-ID:
CWE-262 - Not Using Password Aging
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to passwords can be reused when a new user logs into the system. A remote user can bypass security restrictions.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU61671
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-25032
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU93545
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39573
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite proxy handler substitution. A remote attacker can cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU98042
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43851
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the use of weaker than expected cryptographic algorithms. A remote attacker can decrypt highly sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) XPath Injection
EUVDB-ID: #VU98040
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43840
CWE-ID:
CWE-643 - Improper Neutralization of Data within XPath Expressions
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to XPath injection. A remote user can exfiltrate sensitive application data and/or determine the structure of the XML document.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Cross-site scripting
EUVDB-ID: #VU98039
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43850
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU93729
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39884
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU94504
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-40725
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
Note, the vulnerability exists due to incomplete fix for #VU93729 (CVE-2024-39884).
Install update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU98056
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43852
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU98058
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43847
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform spoofing attack.
The vulnerability exists due to improper input validation when processing HTTP requests. A remote user can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Sensitive Cookie Without 'HttpOnly' Flag
EUVDB-ID: #VU98059
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43845
CWE-ID:
CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the failure to set the HTTPOnly flag. A remote attacker can gain unauthorized access to sensitive information from the cookie on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Console: before 3.4.5
CPE2.3http://www.ibm.com/support/pages/node/7169766
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
