IBM Support

Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.

Security Bulletin


Summary

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5.

Vulnerability Details

CVEID:   CVE-2024-40725
DESCRIPTION:   Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-39884 related to ignoring some use of the legacy content-type based configuration of handlers. By using AddType, an attacker could exploit this vulnerability, resulting in source code disclosure of local content.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298128 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2022-43850
DESCRIPTION:   IBM Aspera Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

CVEID:   CVE-2022-43840
DESCRIPTION:   IBM Aspera Console is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239077 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2022-43851
DESCRIPTION:   IBM Aspera Console uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-39573
DESCRIPTION:   Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296120 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-39884
DESCRIPTION:   Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by a regression in the core related to ignoring some use of the legacy content-type based configuration of handlers. By using AddType, an attacker could exploit this vulnerability resulting in source code disclosure of local content.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297177 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2018-25032
DESCRIPTION:   Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-27272
DESCRIPTION:   IBM Aspera Console allows passwords to be reused when a new user logs into the system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248496 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-36387
DESCRIPTION:   Apache HTTP Server s vulnerable to a denial of service, caused by a NULL Pointer dereference flaw when serving WebSocket protocol upgrades over a HTTP/2 connection. By sending a specially crafted request, a remote attacker could exploit this vulnerability to crash the server process and degrade performance.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296128 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38472
DESCRIPTION:   Apache HTTP Server is vulnerable to server-side request forgery, caused by improper validation of WIndows UNC. By sending a specially crafted request, an attacker could exploit this vulnerability to leak NTML hashes to a malicious server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296127 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-38476
DESCRIPTION:   Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend applications response headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, perform server-side request forgery attack or local script execution.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296123 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2015-4000
DESCRIPTION:   The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as "Logjam".
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/103294 for the current score.
CVSS Vector:

CVEID:   CVE-2022-43852
DESCRIPTION:   IBM Aspera Console could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239228 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2022-43847
DESCRIPTION:   IBM Aspera Console is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239168 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-38473
DESCRIPTION:   Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in mod_proxy. By sending specially crafted requests with incorrect encoding an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-43845
DESCRIPTION:   IBM Aspera Console could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239166 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2024-40898
DESCRIPTION:   Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with mod_rewrite in server/vhost context. By sending a specially crafted request, an attacker could exploit this vulnerability to leak NTLM hashes to a malicious server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298127 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Aspera Console3.4.0 - 3.4.4

Remediation/Fixes

It is recommended that customers upgrade to the latest version of IBM Aspera Console:

 

Product(s)Fixing VRMPlatformLink to Fix
IBM Aspera Console
3.4.5
Windowsclick here
IBM Aspera Console
3.4.5
Linuxclick here

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Change History

23 Sep 2024: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRFYR","label":"IBM Aspera on Demand"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}},{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSQ65JJ","label":"IBM Aspera Enterprise"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}},{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGPXC","label":"IBM Aspera Console"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"3.4.2 PL7","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS8NDZ","label":"IBM Aspera"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHI916","label":"IBM Aspera Enterprise On Demand"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"1.1","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Document Information

Modified date:
23 September 2024

UID

ibm17169766