CVE-2024-38317

Summary

CVE-2024-38317 is a newly identified cross-site scripting (XSS) vulnerability affecting IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. This issue enables privileged users to inject malicious JavaScript code into the Web UI, potentially altering intended functionality and resulting in credential disclosure within a trusted session. By exploiting this vulnerability, attackers could gain unauthorized access to sensitive information, posing a significant risk to organizations using the affected software. It is crucial that affected organizations apply the necessary patches to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.