is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
Metrics
Affected Vendors & Products
Solution
It is recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s)Fixing VRMPlatformLink to FixIBM Aspera Console3.4.5 Windows click here https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Aspera Console3.4.5 Linux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7169766 |
![]() ![]() |
Thu, 19 Jun 2025 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:* |
Tue, 15 Apr 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-643 |
Tue, 15 Apr 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 14 Apr 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document. | |
Title | IBM Aspera Console XPath injection | |
First Time appeared |
Ibm
Ibm aspera Console |
|
CPEs | cpe:2.3:a:ibm:aspera_console:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_console:3.4.4:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm aspera Console |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-15T15:21:04.574Z
Reserved: 2022-10-26T15:46:22.820Z
Link: CVE-2022-43840

Updated: 2025-04-14T21:13:07.855Z

Status : Modified
Published: 2025-04-14T21:15:16.200
Modified: 2025-07-24T18:15:24.440
Link: CVE-2022-43840

No data.

No data.