CVE-2024-38316

Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6

Description: The issue is related to the improper rate limiting of email sending frequency by authenticated users, which could lead to email flooding or a denial of service.

Recommendations: For versions 1.9.0 through 1.10.0 PL6, consider implementing a rate limit on the frequency of emails that can be sent by an authenticated user to prevent email flooding or denial of service. As a temporary workaround, restrict the email sending functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.