CVE-2022-43840

Summary

IBM Aspera Console 3.4.0 through 3.4.4

is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Console3.4.0 <= 3.4.4affected

Weaknesses

  • CWE-643: CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References