Impact
IBM Aspera Shares versions 1.9.9 to 1.11.0 use cryptographic algorithms that are weaker than expected, allowing an attacker to decrypt data that is supposed to remain confidential. The weakness is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), which covers the use of cryptographic primitives that have known vulnerabilities. As a result, confidential information transmitted or stored by the software could be exposed without authorization. The description does not name a specific algorithm; the impact is a potential loss of confidentiality.
Affected Systems
The affected product is IBM Aspera Shares on both Windows and Linux operating systems. Impacted releases are 1.9.9, 1.10.x, and 1.11.0. The 1.11.1 release resolves the issue for both platforms, with update packages available through IBM’s Fix Central for Windows and Linux. No other vendors or products are reported to be affected by this cryptographic weakness.
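A version triage for the range above, written as an added example (not IBM's or the advisory's code). The host names and version strings are constructed, how the version is collected from each server is left to the reader, and treating releases later than 1.11.1 as fixed is an assumption. Versions are compared numerically because a plain string comparison sorts 1.10.x before 1.9.9 and would miss it.

```python
import re

AFFECTED_MIN = (1, 9, 9)    # first affected release named above
AFFECTED_MAX = (1, 11, 0)   # last affected release named above
FIXED = (1, 11, 1)          # release that resolves the issue

def parse_version(text):
    """Return (major, minor, patch) from '1.10.0', 'v1.11.0.4521', '1.10'; None if unparseable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    # A missing patch component is read as 0; any build suffix is ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(text):
    """Map a reported Aspera Shares version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unknown"          # needs manual review, not a pass
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"            # assumption: later releases keep the fix
    return "outside-range"        # older than 1.9.9: no statement above

def triage(inventory):
    """Return ({host: status}, sorted hosts that need an upgrade or a manual check)."""
    status = {host: classify(ver) for host, ver in inventory.items()}
    action = sorted(h for h, s in status.items() if s in ("affected", "unknown"))
    return status, action

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "shares-win-01": "1.9.9",
    "shares-lnx-02": "1.10.2",
    "shares-lnx-03": "v1.11.0.4521",
    "shares-win-04": "1.11.1",
    "shares-lnx-05": "not installed",
}

if __name__ == "__main__":
    status, action = triage(SAMPLE)
    for host in sorted(status):
        print(f"{host:15} {SAMPLE[host]:15} {status[host]}")
    print("needs action:", ", ".join(action))
```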
Risk and Exploitability
The CVSS score of 5.9 indicates a moderate-severity vulnerability. The EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, implying no widespread exploitation has been documented. The likely attack vector would require an attacker who can access data encrypted by Aspera Shares or intercept that data in transit; however, no publicly available exploit technique is described in the advisory. The principal risk is to the confidentiality of data, and it is mitigated once the software is updated to a version that uses robust cryptographic algorithms.