Description
IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability exists in IBM Aspera Console versions 3.3.0 through 3.4.8. An authenticated user can repeatedly trigger the email notification service, leading to exhaustion of resources and a denial of service. The weakness is classified as CWE-799, indicating improper control of interaction frequency that disrupts normal operation. The impact is the inability of the console to send or process email notifications for users until the service is restarted.

Affected Systems

The affected vendor is IBM, product Aspera Console. All deployments running versions 3.3.0 up to but not including 3.4.9 are vulnerable. This includes both Linux and Windows installations as indicated by the Common Platform Enumeration entries for IBM Aspera Console and the underlying operating systems.

Risk and Exploitability

The CVSS v3 score is 5.3, indicating a medium risk with potential service disruption. EPSS score is less than 1%, implying a very low probability of exploitation in the wild. It is not listed in CISA’s Known Exploited Vulnerabilities catalog. Exploitation requires authenticated access to the console, so attackers would typically need valid credentials or compromised administrative accounts. Once authorized, they can repeatedly invoke the email function to exhaust resources and cause a denial of service.

Generated by OpenCVE AI on March 17, 2026 at 17:31 UTC.

Remediation

Vendor Solution

Remediation/Fixes

It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console:

| Product(s) | Fixing VRM | Platform | Link to Fix |
|---|---|---|---|
| IBM Aspera Console | 3.4.9 | Windows | Link |
| IBM Aspera Console | 3.4.9 | Linux | Link |


OpenCVE Recommended Actions

  • Upgrade IBM Aspera Console to version 3.4.9 or later on both Windows and Linux
  • Verify that the email service is functioning correctly after the upgrade



Advisories

No advisories yet.

History

Tue, 17 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Linux; Linux linux Kernel; Microsoft; Microsoft windows |
| CPEs | | cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel; Microsoft; Microsoft windows |

Mon, 16 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 13 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency. |
| Title | | IBM Aspera Console Denial of Service |
| First Time appeared | | Ibm; Ibm aspera Console |
| Weaknesses | | CWE-799 |
| CPEs | | cpe:2.3:a:ibm:aspera_console:3.3.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:aspera_console:3.4.8:*:*:*:*:*:*:* |
| Vendors & Products | | Ibm; Ibm aspera Console |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'} |


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-16T13:53:57.011Z

Reserved: 2025-11-14T19:05:22.749Z

Link: CVE-2025-13212

Vulnrichment

Updated: 2026-03-16T13:53:53.560Z

NVD

Status: Analyzed

Published: 2026-03-16T14:17:54.500

Modified: 2026-03-17T15:49:03.850

Link: CVE-2025-13212

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:03Z

Weaknesses