IBM Aspera Console
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Aspera Console.
By the Year
In 2026 there have been 5 vulnerabilities in IBM Aspera Console with an average score of 5.4 out of ten. Last year, in 2025 Aspera Console had 6 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Aspera Console in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.76
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 5.36 |
| 2025 | 6 | 6.12 |
| 2024 | 6 | 6.45 |
| 2023 | 1 | 6.10 |
It may take a day or so for new Aspera Console vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Aspera Console Security Vulnerabilities
IBM Aspera Console 3.3.0-3.4.8 Authenticated Email Service DoS
CVE-2025-13212
5.3 - Medium
- March 13, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
Insufficient anti-automation
IBM Aspera Console 3.3.0-3.4.8 Privileged DoS via Workflow Enforcement
CVE-2025-13459
2.7 - Low
- March 13, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.
Improper Enforcement of Behavioral Workflow
IBM Aspera Console 3.3.0-3.4.8 Username Enum via Response Discrepancy
CVE-2025-13460
5.3 - Medium
- March 13, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.
Observable Response Discrepancy
IBM Aspera Console SQL Injection (v3.4.0-3.4.8)
CVE-2025-13379
8.6 - High
- February 05, 2026
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
SQL Injection
IBM Aspera Console 3.4.7 Local Privileged User Log File Info Leak
CVE-2025-13925
4.9 - Medium
- January 20, 2026
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
Insertion of Sensitive Information into Log File
IBM Aspera Console 3.4.x Weak Crypto Decrypt Sensitive Data
CVE-2022-43851
7.5 - High
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
IBM Aspera Console 3.4.0-3.4.4: HTTP Header Injection - XSS, Cache Poisoning
CVE-2022-43847
5.4 - Medium
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Improper Neutralization of HTTP Headers for Scripting Syntax
IBM Aspera Console XSS (3.4.0-3.4.4) Allows Credential Disclosure
CVE-2022-43850
5.4 - Medium
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Aspera Console 3.4.0-3.4.4 HTTP Header Info Disclosure
CVE-2022-43852
5.3 - Medium
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
IBM Aspera Console 3.4.0-3.4.4 Password Reuse Vulnerability
CVE-2023-27272
8.8 - High
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.
Weak Password Requirements
IBM Aspera Console 3.4.0-3.4.4 Auth XPath Injection
CVE-2022-43840
4.3 - Medium
- April 14, 2025
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
XPath Injection
IBM Aspera Console 3.4.0-3.4.4 - HTTPOnly Cookie Flag Exploited
CVE-2022-43845
7.5 - High
- September 25, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
Incorrect Permission Assignment for Critical Resource
IBM Aspera Console 3.4.0-3.4.4 CSV Injection Remote Code Exec
CVE-2021-38963
8 - High
- September 25, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CSV Injection
XSS in IBM Aspera Console 3.4.0-3.4.2 PL5 Web UI
CVE-2022-43384
5.4 - Medium
- May 30, 2024
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.
XSS
IBM Aspera Console XSS in Web UI before 3.4.2 PL5
CVE-2022-43575
5.4 - Medium
- May 30, 2024
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645.
XSS
IBM Aspera Console 3.4.0-3.4.2 PL9 LPE via Local Page Storage
CVE-2022-43841
3.3 - Low
- May 30, 2024
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.
IBM Aspera Console 3.4.0-3.4.2 SQL Injection in Console
CVE-2022-43842
9.1 - Critical
- February 23, 2024
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.
SQL Injection
IBM Aspera Console 3.4.0 XSS Vulnerability: Arbitrary JS in UI
CVE-2021-38927
6.1 - Medium
- December 25, 2023
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Aspera Console or by IBM? Click the Watch button to subscribe.
