HIGH🇵🇱 Wersja polska

CVE-2025-13379

CVSS 8.6v3.1pub. 2026-02-05upd. 2026-02-12

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • IBM Aspera Console

    APP
    Ibm
    3.4.0 – 3.4.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2021-38963HIGH8.0ten sam produkt

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code o...

CVE-2022-43842HIGH8.6ten sam produkt

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially ...

CVE-2021-38927HIGH7.2ten sam produkt

IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit...

CVE-2025-13212MEDIUM5.3ten sam produkt

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the e...

CVE-2025-13460MEDIUM5.3ten sam produkt

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable res...