Impact
IBM Aspera Console versions 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow, according to the vendor's description. The flaw lets the attacker interrupt normal operation of the console, compromising availability for users interacting with the service. The weakness is associated with CWE-841, indicating a defect in how system behavior is enforced or logged. The impact is localized to systems running the affected console and does not directly expose data or allow remote code execution.
Affected Systems
Affected products include IBM Aspera Console for Windows and Linux platforms. All releases from 3.3.0 up to and including 3.4.8 are impacted, encompassing both the 3.3.x and 3.4.x series. No other vendor products are listed in the CNA data, and the CPE entries confirm the scope is limited to the Aspera Console application itself.
Risk and Exploitability
The CVSS score of 2.7 places this vulnerability in the low severity range, and the EPSS score indicates a probability of exploitation of less than 1%. It is not listed in the CISA KEV catalog, suggesting no large-scale exploitation has been reported. The attack vector is likely local or requires privileged access, as the vulnerability stems from improper enforcement of workflow for privileged users. Nevertheless, any insider or compromised administrative account could use this flaw to interrupt service availability, making it important for administrators to apply the recommended patch promptly.