IBM Aspera Shares
By the Year
In 2026 there have been 6 vulnerabilities in IBM Aspera Shares with an average score of 5.1 out of ten. Last year, in 2025, Aspera Shares had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Aspera Shares in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.65.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 5.10 |
| 2025 | 8 | 5.75 |
| 2024 | 2 | 5.95 |
It may take a day or so for new Aspera Shares vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Aspera Shares Security Vulnerabilities
IBM Aspera Shares 1.9.9-1.11.0 Improper Email Rate Limiting (CVE-2025-66487)
CVE-2025-66487
2.7 - Low
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Allocation of Resources Without Limits or Throttling
IBM Aspera Shares 1.9.9-1.11.0 HTML Injection Allowing XSS in Web UI
CVE-2025-66486
4.8 - Medium
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Basic XSS
IBM Aspera Shares 1.9.9-1.11.0 HTTP Header Injection Affecting XSS & Cache Poison
CVE-2025-66485
5.4 - Medium
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Improper Neutralization of HTTP Headers for Scripting Syntax
IBM Aspera Shares XSS in Web UI 1.9.9-1.11.0
CVE-2025-66484
5.5 - Medium
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Aspera Shares 1.9.9-1.11.0 Session Invalidation Missing Post Pwd Reset Impersonate
CVE-2025-66483
6.3 - Medium
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM Aspera Shares 1.9.9-1.11.0 Weak Crypto Allows Decryption
CVE-2025-13916
5.9 - Medium
- April 01, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
IBM Aspera Shares XXE vulnerability (1.9.9-1.10.0 PL7)
CVE-2025-0162
7.1 - High
- March 07, 2025
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
XXE
IBM Aspera Shares IP Spoofing via Client-IP header pre-1.10.0 PL6
CVE-2024-56473
5.3 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers.
Output Sanitization
IBM Aspera Shares 1.9-1.10 PL6 Auth Users Can Flood Emails (No Rate Limit)
CVE-2024-38316
6.5 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
Allocation of Resources Without Limits or Throttling
IBM Aspera Shares 1.9.0-1.10.0 PL6 Stored XSS via Authenticated User
CVE-2024-56472
5.4 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Aspera Shares SSRF (v<1.10.0 PL6) Authd Attacks
CVE-2024-56471
5.4 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
SSRF
IBM Aspera Shares SSRF in 1.9.0-1.10.0 PL6
CVE-2024-56470
5.4 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
SSRF
XSS via HTML Injection in IBM Aspera Shares 1.9.0-1.10.0 PL6
CVE-2024-38318
6.1 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
XSS
IBM Aspera Shares 1.9.0-1.10.0 PL6 XSS (Web UI)
CVE-2024-38317
4.8 - Medium
- February 05, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Aspera Shares 1.0-1.10.0 PL3 Session Not Invalidated: Auth Impersonation
CVE-2024-38315
6.5 - Medium
- September 16, 2024
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM Aspera Shares 1.10 PL2 Session Invalidation Failure Auth Impersonation
CVE-2023-38018
5.4 - Medium
- August 12, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
Session Fixation