CVE-2022-43840
IBM Aspera Console XPath injection
In short
IBM Aspera Console versions 3.4.0-3.4.4 have a flaw where authenticated users can inject malicious XPath queries to steal sensitive data or learn how the application's XML files are organized.
Technical detail
XPath injection vulnerability in IBM Aspera Console 3.4.0-3.4.4 allows authenticated attackers to manipulate XPath queries through unsanitized input, enabling data exfiltration and XML schema reconnaissance. The attack requires prior authentication and affects confidentiality of stored sensitive information.
Summary generated and translated by AI from the official description.
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
IBM · Aspera Console