IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 30 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses CWE-732
CPEs cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Microsoft
Microsoft windows

Tue, 24 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Sep 2024 10:30:00 +0000

Type Values Removed Values Added
Description IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
Title IBM Aspera Console information disclosure
First Time appeared Ibm
Ibm aspera Console
Weaknesses CWE-1004
CPEs cpe:2.3:a:ibm:aspera_console:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.4:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm aspera Console
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2024-09-24T13:50:34.915Z

Reserved: 2022-10-26T15:46:22.820Z

Link: CVE-2022-43845

cve-icon Vulnrichment

Updated: 2024-09-24T13:50:29.899Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T01:15:32.757

Modified: 2024-09-30T15:53:01.643

Link: CVE-2022-43845

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.