PT-2024-10999 · IBM · IBM Aspera Console

Published 2024-09-24 · Updated 2024-09-30 · CVE-2021-38963

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Aspera Console versions 3.4.0 through 3.4.4

Description

The issue is caused by a CSV injection vulnerability, which could allow a remote authenticated attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially crafted file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For IBM Aspera Console versions 3.4.0 through 3.4.4, upgrade the affected components immediately to mitigate risks. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation until the issue is resolved.
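
For teams that handle CSV exports while the upgrade is pending, the following added example (not part of the advisory and not IBM's fix) shows a generic check for the CSV injection class named in the description: it flags cells a spreadsheet would evaluate as formulas and rewrites them as text. The function names and the sample data are assumptions made for illustration; the trigger characters follow OWASP's CSV injection guidance.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(cell: str) -> bool:
    """True when a spreadsheet would evaluate the cell instead of showing it."""
    if not cell.startswith(FORMULA_TRIGGERS):
        return False
    # Signed numbers such as "-12.5" are ordinary data, not formulas.
    return PLAIN_NUMBER.fullmatch(cell) is None


def neutralize_csv(text: str):
    """Return (safe_csv_text, findings) for one CSV document.

    findings lists (row, column, original_value) for every cell that was
    rewritten, so the same pass doubles as a detection report.
    """
    findings = []
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for r, row in enumerate(csv.reader(io.StringIO(text, newline="")), start=1):
        safe_row = []
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                findings.append((r, c, cell))
                cell = "'" + cell  # leading apostrophe forces text display
            safe_row.append(cell)
        writer.writerow(safe_row)
    return out.getvalue(), findings


# Constructed sample export: one user-controlled field holds a formula.
SAMPLE = 'user,transfer,delta\nalice,report.pdf,-12.5\nbob,"=SUM(A1:A2)",+3\n'

if __name__ == "__main__":
    safe, found = neutralize_csv(SAMPLE)
    print(safe)
    print(found)
```

Running the pass a second time over its own output reports no findings, so it can be applied safely to files that may already have been neutralized.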

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-38963

Affected Products

IBM Aspera Console