Description
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Published: 2026-04-01
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The vulnerability allows an authenticated user to send emails without proper rate limiting, which can result in email flooding or a denial of service. This weakness enables a legitimate user to exhaust system resources by sending large volumes of mail, potentially disrupting service availability for all users.

Affected Systems

IBM Aspera Shares versions 1.9.9 through 1.11.0 are affected. The issue is addressed in version 1.11.1, which includes a fix that implements proper rate limiting for email sending.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to be an authenticated user with the ability to send emails, and the attack vector is likely internal. While the impact on availability is significant, the overall risk remains modest due to the low base score and exploitation probability.

Generated by OpenCVE AI on April 3, 2026 at 22:28 UTC.

Remediation

Vendor Solution

Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1 Windows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1 Linux click here https://www.ibm.com/support/fixcentral/swg/selectFixes

OpenCVE Recommended Actions

  • Apply the IBM Aspera Shares 1.11.1 patch to implement proper email rate limiting
  • Verify that the patch has been installed and that rate limits are operational
  • Monitor mail server logs for abnormal email traffic patterns and enforce stricter access controls if necessary

Generated by OpenCVE AI on April 3, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*

Thu, 02 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Title Multiple vulnerabilities have been addressed in IBM Aspera Shares
First Time appeared Ibm
Ibm aspera Shares
Weaknesses CWE-770
CPEs cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm aspera Shares
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Ibm Aspera Shares
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-02T13:32:28.743Z

Reserved: 2025-12-02T18:42:37.817Z

Link: CVE-2025-66487

cve-icon Vulnrichment

Updated: 2026-04-02T13:26:13.502Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T23:17:02.600

Modified: 2026-04-03T19:47:56.820

Link: CVE-2025-66487

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:56:21Z

Weaknesses