PT-2025-5783 · IBM · IBM Aspera Shares
Jr0Ch17 · Published 2025-02-05 · Updated 2025-02-06 · CVE-2024-56473
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6
Description:
The issue allows an attacker to spoof their IP address, which is then written to log files, due to improper verification of Client-IP headers.
Recommendations:
For versions 1.9.0 through 1.10.0 PL6, consider implementing proper verification of Client-IP headers to prevent IP address spoofing. As a temporary workaround, restrict access to log files to minimize the risk of exploitation.
Fix
Improper Encoding or Escaping of Output
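One way to implement the Client-IP verification recommended above, as an added example that is not IBM's fix or code from Aspera Shares. The function names and the trusted-proxy range are assumptions made for illustration; the header is honoured only when the TCP peer is a known proxy and the value parses as a single IP literal.

```python
import ipaddress

# Assumption: networks of the reverse proxies allowed to set Client-IP.
# Constructed sample value; replace with the deployment's real proxy range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted_proxy(peer: str) -> bool:
    """True if the TCP peer address belongs to a trusted proxy network."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_for_log(peer: str, headers: dict) -> str:
    """Return the address that should be written to the log.

    peer    -- source address of the TCP connection (not client-controlled)
    headers -- request headers, keys lower-cased, values as received
    """
    claimed = headers.get("client-ip")
    if claimed is None or not is_trusted_proxy(peer):
        # Header absent, or supplied by an arbitrary client: ignore it.
        return peer
    try:
        # Parsing rejects anything that is not one IP literal, including
        # values with embedded CR/LF meant to forge extra log lines.
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return peer


def log_line(peer: str, headers: dict, request_line: str) -> str:
    """Build one log entry with control characters escaped."""
    ip = client_ip_for_log(peer, headers)
    # Output encoding for the other client-influenced field.
    safe = request_line.encode("unicode_escape").decode("ascii")
    return f'{ip} "{safe}"'
```
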
Affected Products
IBM Aspera Shares