CVE-2024-38318

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 5, 2025

CWE ID 80

Summary

CVE-2024-38318 is a vulnerability affecting IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. This issue allows remote attackers to inject malicious HTML code into the system. If successfully exploited, the malicious code would be executed in the victim's Web browser, potentially leading to serious security consequences such as data theft or unauthorized access, as the code would run within the hosting site's security context. Users are strongly urged to update their IBM Aspera Shares software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ibm Aspera Shares

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wdWPw2
https://www.cve.org/CVERecord?id=CVE-2024-38318
https://nvd.nist.gov/vuln/detail/CVE-2024-38318

Back to Vulnerability Database