Medium Severity

Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS

Sep 4, 2020 8:00 pm EDT

Share this post:

DOM XSS on IBM Aspera Shares 1.9.14 Patch Level 1 and earlier could lead to HTML/JS injection and Account takeover.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Aspera Shares	1.9.14 Patch Level 1 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6326929

Medium Severity

Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)

Feb 25, 2021 7:00 pm EST | Medium Severity

IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798) ...read more

Security Bulletin: A Security Vulnerability affects IBM Cloud Private – OpenSSL (CVE-2019-1551)

Feb 25, 2021 7:00 pm EST | Medium Severity

A Security Vulnerability affects IBM Cloud Private ...read more

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020

Feb 25, 2021 7:00 pm EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP70 and Version 8 SR6-FP15 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in Oct2020. ...read more

Medium Severity

Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS

Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4516

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)

Feb 25, 2021 7:00 pm EST | Medium Severity

Security Bulletin: A Security Vulnerability affects IBM Cloud Private – OpenSSL (CVE-2019-1551)

Feb 25, 2021 7:00 pm EST | Medium Severity

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020

Feb 25, 2021 7:00 pm EST | Medium Severity