PT-2025-10114 · Ibm · Ibm Aspera Shares

Jasmin Landry

Published

2025-03-07

Updated

2025-03-13

CVE-2025-0162

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:P

Name of the Vulnerable Software and Affected Versions IBM Aspera Shares versions 1.9.9 through 1.10.0 PL7

Description The issue allows a remote authenticated attacker to expose sensitive information or consume memory resources through an XML external entity injection (XXE) attack when processing XML data.

Recommendations For versions 1.9.9 through 1.10.0 PL7, update to a version that includes a fix for the XML external entity injection issue to prevent XXE attacks.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2025-06852

CVE-2025-0162

Affected Products

Ibm Aspera Shares

PT-2025-10114 · Ibm · Ibm Aspera Shares

CVE-2025-0162

Weakness Enumeration

Related Identifiers

Affected Products

References · 8