CVE-2023-38018

IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
References
Link Resource
https://www.ibm.com/support/pages/node/7164325 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*

History

29 Aug 2024, 14:36

Type Values Removed Values Added
First Time Ibm
Ibm aspera Shares
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*
Summary
  • (es) IBM Aspera Shares 1.10.0 PL2 no invalida la sesión después de un cambio de contraseña que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 260574.
References () https://www.ibm.com/support/pages/node/7164325 - () https://www.ibm.com/support/pages/node/7164325 - Vendor Advisory

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-29 14:36


NVD link : CVE-2023-38018

Mitre link : CVE-2023-38018

CVE.ORG link : CVE-2023-38018


JSON object : View

Products Affected

ibm

  • aspera_shares
CWE
CWE-384

Session Fixation