CVE-2022-43842

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-43842
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 Vendor Advisory
https://www.ibm.com/support/pages/node/7122632 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 Vendor Advisory
https://www.ibm.com/support/pages/node/7122632 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_2:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_3:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_4:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_5:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_6:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

31 Dec 2024, 15:32

Type Values Removed Values Added
First Time Ibm
Microsoft
Microsoft windows
Linux linux Kernel
Ibm aspera Console
Linux
CPE cpe:2.3:a:ibm:aspera_console:3.4.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_2:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_6:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:3.4.2:patch_level_4:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 - Vendor Advisory
References () https://www.ibm.com/support/pages/node/7122632 - () https://www.ibm.com/support/pages/node/7122632 - Vendor Advisory

21 Nov 2024, 07:27

Type Values Removed Values Added
Summary
  • (es) IBM Aspera Console 3.4.0 a 3.4.2 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente diseñadas, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. ID de IBM X-Force: 239079.
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 -
References () https://www.ibm.com/support/pages/node/7122632 - () https://www.ibm.com/support/pages/node/7122632 -

23 Feb 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-23 19:15

Updated : 2024-12-31 15:32

NVD link : CVE-2022-43842

Mitre link : CVE-2022-43842

CVE.ORG link : CVE-2022-43842

JSON object : View

Products Affected

microsoft

  • windows

ibm

  • aspera_console

linux

  • linux_kernel
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')