CVE-2022-43840

Medium

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to…

ibm·CWE-643·Published 2025-04-14

CVSS

4.3

EPSS

0.00

KEV

Exploits

cve.orgen

227 chars

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.

NVDen

227 chars

NVDes

227 chars

IBM Aspera Console 3.4.0 a 3.4.4 es vulnerable a una vulnerabilidad de inyección XPath, que podría permitir que un atacante autenticado filtre datos confidenciales de la aplicación y/o determine la estructura del documento XML.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N