CVE-2024-56472

Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6

Description: This issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. The vulnerability is related to stored cross-site scripting.

Recommendations: For IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6, consider disabling access to the Web UI until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict user input to minimize the risk of embedding arbitrary JavaScript code.