CVE-2024-56472

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 5, 2025

CWE ID 79

Summary

CVE-2024-56472 is a stored cross-site scripting (XSS) vulnerability affecting IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. Authenticated users can exploit this issue by embedding malicious JavaScript code within the Web UI, altering its intended functionality and potentially disclosing sensitive credentials within a trusted session. This vulnerability poses a significant security risk, allowing attackers to gain unauthorized access to protected data. IBM strongly recommends users update to a patched version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ibm Aspera Shares

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/17q1U_
https://www.cve.org/CVERecord?id=CVE-2024-56472
https://nvd.nist.gov/vuln/detail/CVE-2024-56472

Back to Vulnerability Database