PT-2025-16266 · IBM · IBM Aspera Console

Published: 2025-04-14 · Updated: 2025-04-15 · CVE-2022-43840

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4
Description: The issue is an XPath injection vulnerability that could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
Recommendations: For IBM Aspera Console versions 3.4.0 through 3.4.4, consider restricting access to sensitive application data until a patch is available. As a temporary workaround, consider disabling any functionality that uses XPath expressions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2022-43840

Affected Products

IBM Aspera Console