CVE-2022-43841 : IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally

IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.

Published 2024-05-30 11:45:55

Updated 2025-01-08 17:13:14

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2022-43841

IBM » Aspera Console
Versions from including (>=) 3.4.0 and up to, including, (<=) 3.4.2
cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
Matching versions
IBM » Aspera Console
Versions from including (>=) 3.4.0 and up to, including, (<=) 3.4.2 PL9
cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 4
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_4:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 5
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_5:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 2
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_2:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 3
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_3:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 1
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_1:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 6
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_6:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 7
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_7:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 8
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_8:*:*:*:*:*:*
Matching versions
IBM » Aspera Console » Version: 3.4.2 Update Patch Level 9
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_9:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-43841

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-43841

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	N/A	N/A	IBM Corporation	2024-05-30
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST	2025-01-08
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	IBM Corporation	2024-05-30
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-43841

CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Assigned by:
- 9a959283-ebb5-44b6-b705-dcc2bbced522 (Primary)
- psirt@us.ibm.com (Secondary)

References for CVE-2022-43841

https://www.ibm.com/support/pages/node/7155202

Security Bulletin: IBM Aspera Console has addressed multiple HTTP vulnerabilities (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239078

IBM Aspera Console information disclosure CVE-2022-43841 Vulnerability Report
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-43841

Products affected by CVE-2022-43841

Exploit prediction scoring system (EPSS) score for CVE-2022-43841

CVSS scores for CVE-2022-43841

CWE ids for CVE-2022-43841

References for CVE-2022-43841