IBM Aspera Shares Vulnerability Let Attackers Login as Any User
Author: Dhivya
IBM has disclosed a vulnerability in its Aspera Shares software, CVE-2023-38018. This flaw in user session handling could potentially allow attackers to impersonate any user within the system, posing a substantial security risk for organizations relying on this software for data transfer.
CVE-2023-38018 – Vulnerability Details
The vulnerability arises from IBM Aspera Shares’ failure to invalidate user sessions following a password change. This oversight potentially enables an authenticated user to log in as any other user on the system.
The vulnerability has a CVSS Base Score of 6.3, indicating a moderate severity. The detailed CVSS vector is (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), highlighting the ease with which this vulnerability can be exploited in network environments with low attack complexity.
Affected Products and Versions
Affected Product(s) | Version(s)
IBM Aspera Shares | 0.0.0 – 1.10.0 PL2
The vulnerability affects IBM Aspera Shares versions from 0.0.0 to 1.10.0 PL2. This issue underscores the critical importance of robust session management protocols in software applications, especially those handling sensitive data transfers.
Remediation and Fixes
IBM has promptly addressed this vulnerability by releasing a patch. Users of IBM Aspera Shares are strongly advised to update to version 1.10.0 PL3 to mitigate the risk. The patch is available for both Linux and Windows platforms.
There are no alternative workarounds or mitigations available at this time. Therefore, applying the provided fix is crucial to ensure the security of the affected systems.
IBM encourages users to subscribe to “My Notifications” for timely updates on security bulletins and product support alerts. This proactive approach can help organizations avoid potential vulnerabilities and secure their systems.