CVE-2024-38318
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/02/2025
Last modified:
07/03/2025
Description
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:* | 1.9.0 (including) | 1.10.0 (excluding) |
cpe:2.3:a:ibm:aspera_shares:1.10.0:-:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level1:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level3:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level4:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level5:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page